/home/user/bin

Dennis Kaarsemaker dennis at kaarsemaker.net
Sun Jul 17 19:23:04 UTC 2005


On zo, 2005-07-17 at 19:49 +0100, Colin Watson wrote:
> No. Mendel is absolutely correct when talking about the current
> directory, but there are no such concerns about an explicit directory
> such as ~/bin provided that no users other than you and root can write
> there.

Theoretical situation:
1) You download an infected/malevolent program from the net. This 
   program places a malware script called vim in ~/bin.
2) You run sudo vim to edit a config file.
3) Since sudo resets neither $HOME nor $PATH, the malware script will 
   be run, if it simply executes /usr/bin/vim $@ as last bit, you will 
   not even notice that you ran something else.

So in short, this way (~/bin in path by default with sudo not resetting
$PATH if you simply invoke a program), linux viruses will have a chance.

Even better than not having ~/bin in your apth if you are allowed to use
sudo, would be that sudo resets PATH, HOME etc. by default. 
-- 
Dennis K.
  - Linux for human beings: http://www.ubuntulinux.org
  - Linux voor normale mensen: http://www.ubuntulinux.nl
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20050717/233d2662/attachment.sig>


More information about the ubuntu-users mailing list