On Fri, Nov 02, 2007 at 11:34:01AM -0500, John Hasler wrote:
> I wrote:
> > See my other reponse to this thread. ~/bin at the front of $PATH is a
> > security risk.
>
> Miles writes:
> > It an attacker is able to install stuff in ~/bin, they can (and almost
> > certainly would) also modify your .
I wrote:
> See my other reponse to this thread. ~/bin at the front of $PATH is a
> security risk.
Miles writes:
> It an attacker is able to install stuff in ~/bin, they can (and almost
> certainly would) also modify your .profile (etc) to change PATH
> themselves.
There are a number of such expo
John Hasler <[EMAIL PROTECTED]> writes:
> See my other reponse to this thread. ~/bin at the front of $PATH is a
> security risk.
No it's not.
It an attacker is able to install stuff in ~/bin, they can (and almost
certainly would) also modify your .profile (etc) to change PATH
themselves.
-Miles
On Nov 1, 2007, at 3:16 PM, Douglas A. Tutty wrote:
On Thu, Nov 01, 2007 at 10:28:55AM -0500, John Hasler wrote:
Doug writes:
It would only be a security issue if the permissions on your home
directory and/or the execs themselves allowed others to execute
them.
A buggy application (buffer
On Thu, Nov 01, 2007 at 10:28:55AM -0500, John Hasler wrote:
> Doug writes:
> > It would only be a security issue if the permissions on your home
> > directory and/or the execs themselves allowed others to execute them.
>
> A buggy application (buffer overflow in Firefox...) or an evil bit of
> Ja
I am not sure I get the point of those of you who are
against having PATH=~/bin:$PATH. The PATH is just a
way to make life easier. If an executable can be run,
then it doesn't have to be in your PATH to be run.
As someone said before, you usually have in ~/bin
programs which are not available syst
John Hasler wrote:
> A writes:
> > If they've installed a binary there that has the same name as a
> > system-wide binary, its a good bet that they intend to run the local one,
> > otheriwse, why put it there? Hence it makes sense to put ~/bin on the
> > front of $PATH.
>
> See my other reponse to
Ron Johnson wrote:
> If $(HOME)/bin were first in your $PATH, then a malicious user or
> app that has write access to your account, then they could put
> sabotaged versions of common apps into $(HOME)/bin and do all sorts
> of nasty things to you.
If a malicious user has write access to your home
A writes:
> If they've installed a binary there that has the same name as a
> system-wide binary, its a good bet that they intend to run the local one,
> otheriwse, why put it there? Hence it makes sense to put ~/bin on the
> front of $PATH.
See my other reponse to this thread. ~/bin at the front
On Thu, Nov 01, 2007 at 03:15:47PM +0100, Florian Kulzer wrote:
> On Thu, Nov 01, 2007 at 06:31:22 -0700, David Fox wrote:
> > On Nov 1, 2007 5:49 AM, Florian Kulzer wrote:
> > >
> > > ~/.bash_profile does this by default nowadays:
> > >
> > > # set PATH so it includes user's private bin if it exis
Doug writes:
> It would only be a security issue if the permissions on your home
> directory and/or the execs themselves allowed others to execute them.
A buggy application (buffer overflow in Firefox...) or an evil bit of
JavaScript could be used by a "virus" to install a trojan in $HOME/bin.
--
On Thu, Nov 01, 2007 at 06:31:22 -0700, David Fox wrote:
> On Nov 1, 2007 5:49 AM, Florian Kulzer wrote:
> >
> > ~/.bash_profile does this by default nowadays:
> >
> > # set PATH so it includes user's private bin if it exists
> > if [ -d ~/bin ] ; then
> > PATH=~/bin:"${PATH}"
> > fi
> >
>
> T
On Wed, Oct 31, 2007 at 07:54:32PM -0800, Ken Irving <[EMAIL PROTECTED]> was
heard to say:
> My impression is that there's no particular reasons that it can't be done,
> but it just hasn't been done. There are probably wish list requests to
> this effect filed away somewhere on this, or so I diml
On Thu, Nov 01, 2007 at 06:54:54AM -0500, Ron Johnson wrote:
> If $(HOME)/bin were first in your $PATH, then a malicious user or
> app that has write access to your account, then they could put
> sabotaged versions of common apps into $(HOME)/bin and do all sorts
> of nasty things to you.
>
> Bu
On Nov 1, 2007 5:49 AM, Florian Kulzer <[EMAIL PROTECTED]> wrote:
>
> ~/.bash_profile does this by default nowadays:
>
> # set PATH so it includes user's private bin if it exists
> if [ -d ~/bin ] ; then
> PATH=~/bin:"${PATH}"
> fi
>
That's not as secure as putting the ~/bin part at the end.
On Thu, Nov 01, 2007 at 06:54:54 -0500, Ron Johnson wrote:
[...]
> If $(HOME)/bin were first in your $PATH, then a malicious user or
> app that has write access to your account, then they could put
> sabotaged versions of common apps into $(HOME)/bin and do all sorts
> of nasty things to you.
>
On 10/31/07 22:54, Ken Irving wrote:
> On Wed, Oct 31, 2007 at 08:31:45PM -0700, Andrew Sackville-West wrote:
>> On Wed, Oct 31, 2007 at 06:52:36PM -0800, Ken Irving wrote:
>>> On Wed, Oct 31, 2007 at 10:18:45PM -0400, Douglas A. Tutty wrote:
If all you want to do is put the mutt stuff in /usr
On Wed, Oct 31, 2007 at 08:31:45PM -0700, Andrew Sackville-West wrote:
> On Wed, Oct 31, 2007 at 06:52:36PM -0800, Ken Irving wrote:
> > On Wed, Oct 31, 2007 at 10:18:45PM -0400, Douglas A. Tutty wrote:
> > > If all you want to do is put the mutt stuff in /usr/local, why not just
> > > unpack the d
On Wed, Oct 31, 2007 at 06:52:36PM -0800, Ken Irving wrote:
> On Wed, Oct 31, 2007 at 10:18:45PM -0400, Douglas A. Tutty wrote:
> > On Thu, Nov 01, 2007 at 01:05:10PM +1100, hce wrote:
> > > On 10/31/07, Chris Bannister <[EMAIL PROTECTED]> wrote:
> > >
> > > > How are you installing mutt? Are you
hce writes:
> I am installing mutt and got an error of "GLIBC_2.4 is missing", I
> searched the Debian package, but could not found it. Which of Debian
> package contains the GLIBC_2.4?
The dependencies for mutt are libc6 (>= 2.6-1), libgdbm3, libgnutls13 (>=
1.6.3-0), libidn11 (>= 0.5.18), libncu
On Wed, Oct 31, 2007 at 10:18:45PM -0400, Douglas A. Tutty wrote:
> On Thu, Nov 01, 2007 at 01:05:10PM +1100, hce wrote:
> > On 10/31/07, Chris Bannister <[EMAIL PROTECTED]> wrote:
> >
> > > How are you installing mutt? Are you compiling mutt from source or
> > > trying to install the Debian binar
On Thu, Nov 01, 2007 at 01:05:10PM +1100, hce wrote:
> On 10/31/07, Chris Bannister <[EMAIL PROTECTED]> wrote:
>
> > How are you installing mutt? Are you compiling mutt from source or
> > trying to install the Debian binary package?
> I am compiling mutt from the source, so I can install it in my
On 10/31/07, Chris Bannister <[EMAIL PROTECTED]> wrote:
> On Mon, Oct 29, 2007 at 01:02:31PM +1100, hce wrote:
> > Hi,
> >
> > I am installing mutt and got an error of "GLIBC_2.4 is missing", I
> > searched the Debian package, but could not found it. Which of Debian
> > package contains the GLIBC_2
My appology. I simply did reply all, not knowing it was a message only
sent to me.
On 10/30/07, hyjial <[EMAIL PROTECTED]> wrote:
> A pleasure to help you, although I am quite clueless
> about GLIBC_2.4 ; I am going to dig a bit.
> Nevertheless, notice that you have sent your latest
> E-mail only
On Mon, Oct 29, 2007 at 01:02:31PM +1100, hce wrote:
> Hi,
>
> I am installing mutt and got an error of "GLIBC_2.4 is missing", I
> searched the Debian package, but could not found it. Which of Debian
> package contains the GLIBC_2.4?
>
> Also, which http source should I add it to the source.list
On Mon, Oct 29, 2007 at 09:48:00PM +1100, hce wrote:
Jim
Don't top post and don't send sources.list as an attachment
>
> On 10/29/07, Douglas A. Tutty <[EMAIL PROTECTED]> wrote:
> > On Mon, Oct 29, 2007 at 01:02:31PM +1100, hce wrote:
> > >
> > > I am installing mutt and got an error of "GLIBC_2
Hi !
First of all, according to your soources.list, you
only have access to the security updates and not to
the main debian archives. That's why you cannot
download and thus install postfix-dev.
Add these lines in your sources.list :
deb ftp://ftp.XX.debian.org/debian etch main contrib
deb-src ftp:
Hi Doug,
Thanks for your response, please find attached my sources.list
Thank you.
Jim
On 10/29/07, Douglas A. Tutty <[EMAIL PROTECTED]> wrote:
> On Mon, Oct 29, 2007 at 01:02:31PM +1100, hce wrote:
> >
> > I am installing mutt and got an error of "GLIBC_2.4 is missing", I
> > searched the Debi
On Mon, Oct 29, 2007 at 01:02:31PM +1100, hce wrote:
>
> I am installing mutt and got an error of "GLIBC_2.4 is missing", I
> searched the Debian package, but could not found it. Which of Debian
> package contains the GLIBC_2.4?
>
> Also, which http source should I add it to the source.list? I tr
29 matches
Mail list logo
