Hi Martin, About this:
On Sat, 13 Jul 2024 11:59:47 +0200 Lorenzo <plore...@disroot.org> wrote: > > For the /usr/local issue, please open another bug, or start a > discussion in init-diversity or DNG list. > I did some digging and I don't think I'm going to remove local from PATH; I think having executables there to mask system's equivalent is the intended usage, and if an attacker has write access on root the system is already compromised.. there was a bug about this few years ago, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=%23913876 Also, for comparison, I tested 'echo $PATH' in a getty under systemd and sysvinit and it looks like both have local in PATH. Regards, Lorenzo
