[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: GLIBC_2.4

On Thu, Nov 01, 2007 at 06:54:54AM -0500, Ron Johnson wrote:
> If $(HOME)/bin were first in your $PATH, then a malicious user or
> app that has write access to your account, then they could put
> sabotaged versions of common apps into $(HOME)/bin and do all sorts
> of nasty things to you.
> But then, I just noticed that somehow $(HOME)/bin is the first entry
> in *my* $PATH!!!  Must find out how that happened...

It would only be a security issue if the permissions on your home
directory and/or the execs themselves allowed others to execute them.

If you have a ~/bin with lax permissions, a malicious user doesn't need
a $PATH, he can just run them directly.  


Reply to: