/home/user/bin
Dennis Kaarsemaker
dennis at kaarsemaker.net
Sun Jul 17 19:23:04 UTC 2005
On zo, 2005-07-17 at 19:49 +0100, Colin Watson wrote:
> No. Mendel is absolutely correct when talking about the current
> directory, but there are no such concerns about an explicit directory
> such as ~/bin provided that no users other than you and root can write
> there.
Theoretical situation:
1) You download an infected/malevolent program from the net. This
program places a malware script called vim in ~/bin.
2) You run sudo vim to edit a config file.
3) Since sudo resets neither $HOME nor $PATH, the malware script will
be run, if it simply executes /usr/bin/vim $@ as last bit, you will
not even notice that you ran something else.
So in short, this way (~/bin in path by default with sudo not resetting
$PATH if you simply invoke a program), linux viruses will have a chance.
Even better than not having ~/bin in your apth if you are allowed to use
sudo, would be that sudo resets PATH, HOME etc. by default.
--
Dennis K.
- Linux for human beings: http://www.ubuntulinux.org
- Linux voor normale mensen: http://www.ubuntulinux.nl
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20050717/233d2662/attachment.sig>
More information about the ubuntu-users
mailing list