 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
On Tue, Nov 11, 2003 at 03:09:21AM +0000, dsr at tao.merseine.nu wrote: > Let's add another safety tip: don't add . to $PATH for normal users, > but do add ~/bin, and use the /etc/rc.skel or equivalent to create > ~/bin for all new users. When people want to add special commands, > putting them in their local bin is The Right Thing To Do. That SEEMS like a good idea, but it's actually worse than having '.' in the user's path. Why? Because the user can almost certainly write files to ~/bin. This means that, say, someone exploiting a hole in Mozilla could make your browser write their malicious script into ~/bin and make it executable. Now you have a much more likely attack vector, since that directory is also in the user's PATH. Bad bad bad. Red Hat used to set ~/bin up, by default. They don't anymore. :) Never put user-writable directories in the PATH. If you're going to ignore that, and/or put '.' in the PATH, be sure to at least put them in LAST. -- Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: <http://lists.blu.org/pipermail/discuss/attachments/20031111/25fa30e3/attachment.sig>
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
