On Thu, Nov 01, 2007 at 06:54:54AM -0500, Ron Johnson wrote:
> If $(HOME)/bin were first in your $PATH, then a malicious user or
> app that has write access to your account, then they could put
> sabotaged versions of common apps into $(HOME)/bin and do all sorts
> of nasty things to you.
> But then, I just noticed that somehow $(HOME)/bin is the first entry
> in *my* $PATH!!! Must find out how that happened...
It would only be a security issue if the permissions on your home
directory and/or the execs themselves allowed others to execute them.
If you have a ~/bin with lax permissions, a malicious user doesn't need
a $PATH, he can just run them directly.