Colin Watson wrote: > > On Sat, Sep 28, 2002 at 03:15:42AM -0400, Andy Saxena wrote: > > On Thu, Sep 26, 2002 at 01:55:40PM -0500, Kent West wrote: > > > I'm using bash. "echo $PATH" reports: > > > > > > ~/bin:/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games > > > > Putting ~/bin first in your $PATH is a security risk. Consider that if > > your user account got hacked into, somebody could place a modified top, > > ls, less executable in your ~/bin directory. > > I disagree that this is a security risk. I want to override > system-provided executables, hence ~/bin is at the start of my $PATH. If > my user account gets hacked into, all bets are off; it's pointless to > worry about what somebody might put in ~/bin when they could just do > whatever it was directly, modify my .bashrc, or whatever! > > I think a more sensible rule is to only put directories in $PATH that > are at least as trusted as the relevant account. Thus, /usr/bin and so > on are always fine, ~/bin is only fine for the owning user, and . is > never a good idea.
Why is ./ in the path bad? If someone hacked in, couldn't they set the path to anything they wanted? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
