spp mg [2017-08-09 04:56:58+08] wrote:
> For example , some guy put a "rm" but named "ls" to ~/bin . This "ls"
> can be virus or ransomware , user may not know it's not which he
> want("ls").
The "some guy" who does that will also modify the ~/.profile file or
similar startup scripts to _ensure_ that their program is in the
beginning of the PATH, no matter what the PATH variable was originally.
If $USER has a malicious program running with their $UID the program can
do everything the $USER can do. It's a game over situation and default
settings in ~/.profile or similar do not matter.
But sometimes it may be useful to write a root-owner startup script (one
example: /etc/X11/Xsession.d/50custom-stuff) which could do something
like
rm --force "$HOME/bin"
cp --recursive --force /etc/skel/. "$HOME"
so that some default files are restored at every login.
--
/// Teemu Likonen - .-.. <https://keybase.io/tlikonen> //
// PGP: 4E10 55DC 84E9 DFF6 13D7 8557 719D 69D3 2453 9450 ///
signature.asc
Description: PGP signature
