[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: PATH q'n
On Tue, Feb 26, 2002 at 04:44:21PM +0000, Yuri K wrote:
> Hello all,
> Why is ~/bin goes first in the PATH? Is not this insecure?
Not if you `chmod 700 ~/bin`.
It should be at the front of your $PATH so you can override the
system defaults. Put the GNU ``ls'' in your ~/bin and you can use
it as you would expect without disturbing anybody else on the
system. Depending on your shell, it's a viable alternative to
``alias'' for making sure, for example, that ``ls'' is always ``ls
What *is* insecure, and what you might be confusing this with, is
having ``.'' *anywhere* in your path, especially at the front. A
malicious attacker could put an ``ls'' in a directory that's
really a trojan. When you cd'd to that directory and did an ls, it
would emulate an ls (and perhaps the entire shell), hide its
presence, and do its nasty stuff with your priveleges. And if you
did that ls while su'd to root...well, that's just another reason
to use sudo.
But if you're the only one with write access to your ~/bin, then
you're the only one who can plant surprises for yourself (like,
perhaps, forgetting to capitalize that -F). Except for root, of
course, in which case you're already hosed.
> Best regards,
[demime 0.98d removed an attachment of type application/pgp-signature]
- PATH q'n
- From: Yuri K <email@example.com>