Re: GLIBC_2.4

To: debian-user@lists.debian.org
Subject: Re: GLIBC_2.4
From: "Douglas A. Tutty" <dtutty@porchlight.ca>
Date: Thu, 1 Nov 2007 09:08:16 -0400
Message-id: <[🔎] 20071101130816.GA6599@titan.hooton>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 4729BE8E.7010000@cox.net>
References: <95455e980710281902h75546f52pfc5f6630cdf4fa64@mail.gmail.com> <20071031005707.GA2437@box> <[🔎] 95455e980710311905p141f49c4g1e5e4665c3fc0640@mail.gmail.com> <[🔎] 20071101021845.GA8078@titan.hooton> <[🔎] 20071101025236.GA16704@localhost> <[🔎] 20071101033145.GE29856@localhost.localdomain> <[🔎] 20071101035432.GA21242@localhost> <[🔎] 4729BE8E.7010000@cox.net>

On Thu, Nov 01, 2007 at 06:54:54AM -0500, Ron Johnson wrote:

> If $(HOME)/bin were first in your $PATH, then a malicious user or
> app that has write access to your account, then they could put
> sabotaged versions of common apps into $(HOME)/bin and do all sorts
> of nasty things to you.
> 
> But then, I just noticed that somehow $(HOME)/bin is the first entry
> in *my* $PATH!!!  Must find out how that happened...

It would only be a security issue if the permissions on your home
directory and/or the execs themselves allowed others to execute them.

If you have a ~/bin with lax permissions, a malicious user doesn't need
a $PATH, he can just run them directly.  

Doug.

Reply to:

Follow-Ups:
- Re: GLIBC_2.4
  - From: John Hasler <jhasler@debian.org>

References:
- Re: GLIBC_2.4
  - From: hce <webmail.hce@gmail.com>
- Re: GLIBC_2.4
  - From: "Douglas A. Tutty" <dtutty@porchlight.ca>
- Re: GLIBC_2.4
  - From: Ken Irving <fnkci@uaf.edu>
- Re: GLIBC_2.4
  - From: Andrew Sackville-West <andrew@farwestbilliards.com>
- Re: GLIBC_2.4
  - From: Ken Irving <fnkci@uaf.edu>
- Re: GLIBC_2.4
  - From: Ron Johnson <ron.l.johnson@cox.net>

Prev by Date: Re: Debian on Core2Duo 64bit
Next by Date: WINE under Lenny
Previous by thread: Re: GLIBC_2.4
Next by thread: Re: GLIBC_2.4
Index(es):
- Date
- Thread