Re: Dangerous to have ~/bin first in $PATH [was Re: Odd Path issue]

2002-09-30 Thread Andy Saxena
On Sat, Sep 28, 2002 at 08:27:23AM +0100, Colin Watson wrote: > I disagree that this is a security risk. I want to override > system-provided executables, hence ~/bin is at the start of my $PATH. If > my user account gets hacked into, all bets are off; it's pointless to > worry about what somebody

Re: Dangerous to have ~/bin first in $PATH [was Re: Odd Path issue]

2002-09-28 Thread Colin Watson
On Sat, Sep 28, 2002 at 05:44:58PM +1000, Russell wrote: > Colin Watson wrote: > > I think a more sensible rule is to only put directories in $PATH that > > are at least as trusted as the relevant account. Thus, /usr/bin and so > > on are always fine, ~/bin is only fine for the owning user, and .

Re: Dangerous to have ~/bin first in $PATH [was Re: Odd Path issue]

2002-09-28 Thread Sean 'Shaleh' Perry
On Saturday 28 September 2002 00:44, Russell wrote: > > Why is ./ in the path bad? If someone hacked in, couldn't they > set the path to anything they wanted? mostly because you just never know what you will find in '.'. Being forced to type ./foo helps you be aware of where you are and what yo

Re: Dangerous to have ~/bin first in $PATH [was Re: Odd Path issue]

2002-09-28 Thread Cameron Hutchison
Once upon a time Russell said... > Colin Watson wrote: > > > > I think a more sensible rule is to only put directories in $PATH that > > are at least as trusted as the relevant account. Thus, /usr/bin and so > > on are always fine, ~/bin is only fine for the owning user, and . is > > never a good

Re: Dangerous to have ~/bin first in $PATH [was Re: Odd Path issue]

2002-09-28 Thread Russell
Colin Watson wrote: > > On Sat, Sep 28, 2002 at 03:15:42AM -0400, Andy Saxena wrote: > > On Thu, Sep 26, 2002 at 01:55:40PM -0500, Kent West wrote: > > > I'm using bash. "echo $PATH" reports: > > > > > > ~/bin:/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games > > > > Putting ~/bin first in you

Re: Dangerous to have ~/bin first in $PATH [was Re: Odd Path issue]

2002-09-28 Thread Colin Watson
On Sat, Sep 28, 2002 at 03:15:42AM -0400, Andy Saxena wrote: > On Thu, Sep 26, 2002 at 01:55:40PM -0500, Kent West wrote: > > I'm using bash. "echo $PATH" reports: > > > > ~/bin:/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games > > Putting ~/bin first in your $PATH is a security risk. Conside

Re: Dangerous to have ~/bin first in $PATH [was Re: Odd Path issue]

2002-09-27 Thread Kent West
Andy Saxena wrote: >On Thu, Sep 26, 2002 at 01:55:40PM -0500, Kent West wrote: > > >>I'm using bash. "echo $PATH" reports: >> >>~/bin:/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games >> >> >> > >Putting ~/bin first in your $PATH is a security risk. Consider that if >your user account go

Dangerous to have ~/bin first in $PATH [was Re: Odd Path issue]

2002-09-27 Thread Andy Saxena
On Thu, Sep 26, 2002 at 01:55:40PM -0500, Kent West wrote: > I'm using bash. "echo $PATH" reports: > > ~/bin:/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games > Putting ~/bin first in your $PATH is a security risk. Consider that if your user account got hacked into, somebody could place a mo