Re: GLIBC_2.4

To: debian-user@lists.debian.org
Subject: Re: GLIBC_2.4
From: John Hasler <jhasler@debian.org>
Date: Fri, 02 Nov 2007 11:34:01 -0500
Message-id: <[🔎] 87sl3oip3a.fsf@toncho.dhh.gt.org>
In-reply-to: <[🔎] buomytx1bwo.fsf@dhapc248.dev.necel.com> (Miles Bader's message of "Fri\, 02 Nov 2007 13\:58\:31 +0900")
References: <20071031005707.GA2437@box> <[🔎] 95455e980710311905p141f49c4g1e5e4665c3fc0640@mail.gmail.com> <[🔎] 20071101021845.GA8078@titan.hooton> <[🔎] 20071101025236.GA16704@localhost> <[🔎] 20071101033145.GE29856@localhost.localdomain> <[🔎] 20071101035432.GA21242@localhost> <[🔎] 4729BE8E.7010000@cox.net> <[🔎] 20071101124959.GA23347@pc0197> <[🔎] 359a3c580711010631h2ee13834q3cb05a24f601b222@mail.gmail.com> <[🔎] 20071101141547.GB25769@pc0197> <[🔎] 20071101154535.GJ29856@localhost.localdomain> <[🔎] 87hck6x7m4.fsf@toncho.dhh.gt.org> <[🔎] buomytx1bwo.fsf@dhapc248.dev.necel.com>

I wrote:
> See my other reponse to this thread.  ~/bin at the front of $PATH is a
> security risk.

Miles writes:
> It an attacker is able to install stuff in ~/bin, they can (and almost
> certainly would) also modify your .profile (etc) to change PATH
> themselves.

There are a number of such exposures for the naive users that are now
starting to put Linux on their computers.  They will be exploited when the
number of vulnerable machines gets large enough.
-- 
John Hasler

Reply to:

Follow-Ups:
- Re: GLIBC_2.4
  - From: Andrew Sackville-West <andrew@farwestbilliards.com>

References:
- Re: GLIBC_2.4
  - From: hce <webmail.hce@gmail.com>
- Re: GLIBC_2.4
  - From: "Douglas A. Tutty" <dtutty@porchlight.ca>
- Re: GLIBC_2.4
  - From: Ken Irving <fnkci@uaf.edu>
- Re: GLIBC_2.4
  - From: Andrew Sackville-West <andrew@farwestbilliards.com>
- Re: GLIBC_2.4
  - From: Ken Irving <fnkci@uaf.edu>
- Re: GLIBC_2.4
  - From: Ron Johnson <ron.l.johnson@cox.net>
- Re: GLIBC_2.4
  - From: Florian Kulzer <florian.kulzer+debian@icfo.es>
- Re: GLIBC_2.4
  - From: "David Fox" <dfox94085@gmail.com>
- Re: GLIBC_2.4
  - From: Florian Kulzer <florian.kulzer+debian@icfo.es>
- Re: GLIBC_2.4
  - From: Andrew Sackville-West <andrew@farwestbilliards.com>
- Re: GLIBC_2.4
  - From: John Hasler <jhasler@debian.org>
- Re: GLIBC_2.4
  - From: Miles Bader <miles.bader@necel.com>

Prev by Date: Re: intall nvidia driver on debian lenny
Next by Date: Re: Apt-Get or Aptitude
Previous by thread: Re: GLIBC_2.4
Next by thread: Re: GLIBC_2.4
Index(es):
- Date
- Thread