Re: where to submit low security vulnerability in .profile?

To: Henrique de Moraes Holschuh <hmh@debian.org>
Cc: debian-user@lists.debian.org
Subject: Re: where to submit low security vulnerability in .profile?
From: Nicolas George <george@nsup.org>
Date: Mon, 19 Jun 2017 18:00:58 +0200
Message-id: <[🔎] 20170619160058.GA4865@phare.normalesup.org>
Reply-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 20170619155900.GE22428@khazad-dum.debian.net>
References: <[🔎] 20170618045606.7f62osvgoyixtoij@x200.davidebunch.org> <[🔎] 20170619123612.GQ22519@eeg.ccf.org> <[🔎] 20170619155900.GE22428@khazad-dum.debian.net>

Le primidi 1er messidor, an CCXXV, Henrique de Moraes Holschuh a écrit :
> That said, no, it is not usually considered a security vulnerability,
> because NOT using the full path to run commands such as "su" and "sudo"
> in the first place IS considered gross negligence.

If your account has been compromised so much that an attacker was able
to add something in ~/bin/, then using the full path of the commands
does not bring any extra security.

Regards,

-- 
  Nicolas George

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Re: where to submit low security vulnerability in .profile?
  - From: Greg Wooledge <wooledg@eeg.ccf.org>

References:
- where to submit low security vulnerability in .profile?
  - From: David Bunch <depb@posteo.net>
- Re: where to submit low security vulnerability in .profile?
  - From: Greg Wooledge <wooledg@eeg.ccf.org>
- Re: where to submit low security vulnerability in .profile?
  - From: Henrique de Moraes Holschuh <hmh@debian.org>

Prev by Date: Re: where to submit low security vulnerability in .profile?
Next by Date: Re: where to submit low security vulnerability in .profile?
Previous by thread: Re: where to submit low security vulnerability in .profile?
Next by thread: Re: where to submit low security vulnerability in .profile?
Index(es):
- Date
- Thread