On 03/05/18 12:23 -0400, R P Herrold wrote:
By convention additions to the path come LAST in priority, because of well known privilege escalation attack approaches (the incautious admin sits down at a 'trapped' nominally sick workstation, and fails to use a fully qualified path to 'su' or 'sudo' , or omits to add the '-' to cause PATH cleansing).
Either the admin does one of those things, or they're screwed anyway because a user (or attacker with access to the user's account) who wants to escalate their privileges can edit the user's PATH. The user can always do that, whether Fedora puts ~/.local/bin early in the PATH by default or not. I don't think I like the idea of putting it early in the PATH by default, but I don't have a solid argument for why I don't like it. None of the "security" arguments presented are convincing though. _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org
