/home/user/bin
Sean Sieger
sean.sieger at gmail.com
Sun Jul 17 19:11:37 UTC 2005
Colin Watson <cjwatson at ubuntu.com> writes:
> On Sun, Jul 17, 2005 at 02:22:58PM -0400, Sean Sieger wrote:
>> Are there possible security risks to having ~/bin referenced by the
>> PATH environment variable? Pardon the naivete, the question just popped
>> into my mind as I read,
>>
>> "Why not simply invoke the script with scriptname? If the directory
>> you are in ($PWD) is where scriptname is located, why doesn't this
>> work? This fails because, for security reasons, the current directory
>> is not by default included in a user's $PATH. It is therefore necessary
>> to explicitly invoke the script in the current directory with a
>> ./scriptname." --Mendel Cooper
>
> No. Mendel is absolutely correct when talking about the current
> directory, but there are no such concerns about an explicit directory
> such as ~/bin provided that no users other than you and root can write
> there.
I guess that is what I had in mind: say someone got past Shorewall and
deposited... oh, I think I'm getting it... even if someone could put a
script in ~/bin, without root privileges, executing said script wouldn't
work?
--
Sean Sieger
More information about the ubuntu-users
mailing list