Sean Sieger sean.sieger at gmail.com
Sun Jul 17 19:11:37 UTC 2005

Colin Watson <cjwatson at ubuntu.com> writes:

> On Sun, Jul 17, 2005 at 02:22:58PM -0400, Sean Sieger wrote:
>> Are there possible security risks to having ~/bin referenced by the
>> PATH environment variable? Pardon the naivete, the question just popped
>> into my mind as I read,
>>      "Why not simply invoke the script with scriptname? If the directory
>>      you are in ($PWD) is where scriptname is located, why doesn't this
>>      work? This fails because, for security reasons, the current directory
>>      is not by default included in a user's $PATH. It is therefore necessary
>>      to explicitly invoke the script in the current directory with a
>>      ./scriptname."       --Mendel Cooper
> No. Mendel is absolutely correct when talking about the current
> directory, but there are no such concerns about an explicit directory
> such as ~/bin provided that no users other than you and root can write
> there.

I guess that is what I had in mind: say someone got past Shorewall and
deposited... oh, I think I'm getting it... even if someone could put a
script in ~/bin, without root privileges, executing said script wouldn't
Sean Sieger

More information about the ubuntu-users mailing list