Hi, On Wed, Jun 13, 2018 at 06:28:47PM +0200, Alois Mahdal wrote:
> I've seen many examples with .bashrc, but .bashrc only does it for bash > (and only in interactive mode, IIRC). One has to do it for something > like .xsessionrc -- frankly I'm not sure if there is such file that applies. > > OTOH, by adding .local/bin, the attacker does not have to care where (or > how) to set the path, they really only need to drop new file. we are talking about a change in ~/.bash_profile here which sources ~/.bashrc. If you are thinking of scenarios where these files are not sourced, then the PATH is not changed in that scenarios. Therefore these scenarios would not matter here. Also from an attacker's perspective: The attacker can just change multiple files if necessary. Kind regards Till _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/QPM57FSMJCBIZXDA2JGUHAPMVUJFX7AH/
