$HOME/bin
Richard W.M. Jones
rjones at redhat.com
Mon Jul 13 21:48:35 UTC 2009
On Mon, Jul 13, 2009 at 02:15:12PM +0200, Fabian Deutsch wrote:
> Adding something like this raises security concerns, as this opens doors
> for malicious software.
> E.g. some application could but a binary named "bash" in ~/bin, which
> would be run before /bin/bash.
The same application could overwrite .bash_profile too. Or it would
be very contrived to imagine a security hole that lets you create
~/bin and place an arbitrary binary into ~/bin/bash, but doesn't let
you overwrite .bash_profile. So I don't think this is a security
concern at all in the real world.
Rich.
--
Richard Jones, Emerging Technologies, Red Hat http://et.redhat.com/~rjones
libguestfs lets you edit virtual machines. Supports shell scripting,
bindings from many languages. http://et.redhat.com/~rjones/libguestfs/
See what it can do: http://et.redhat.com/~rjones/libguestfs/recipes.html
More information about the fedora-devel-list
mailing list