On Thu, Nov 01, 2007 at 06:54:54AM -0500, Ron Johnson wrote: > If $(HOME)/bin were first in your $PATH, then a malicious user or > app that has write access to your account, then they could put > sabotaged versions of common apps into $(HOME)/bin and do all sorts > of nasty things to you. > > But then, I just noticed that somehow $(HOME)/bin is the first entry > in *my* $PATH!!! Must find out how that happened...
It would only be a security issue if the permissions on your home directory and/or the execs themselves allowed others to execute them. If you have a ~/bin with lax permissions, a malicious user doesn't need a $PATH, he can just run them directly. Doug. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
