Security question
Colin Watson
cjwatson at ubuntu.com
Tue Dec 17 18:21:21 UTC 2013
On Mon, Dec 16, 2013 at 08:09:14PM -0500, Rashkae wrote:
> On 13-12-16 06:56 PM, Bob wrote:
> >I am fairly new to Linux so I have been reading "A Practical Guide to Linux
> >Commands, Editors and Shell Programming", In the book they say that it is a
> >security issue to place the working directory and/or the home directory at the
> >front of the PATH. Is this true? If it is why does Ubuntu put the home
> >directory first in the PATH?
>
> That's a very good catch. My system also has the home bin
> directories at the start of my PATH, something I never even though
> to check!
>
> Yes, it's true that this poses a security risk.
No, it really doesn't. That directory is only writable by your user, so
anyone who can write to that directory can also control your user in
myriad other ways; for example they could use the exact same access to
modify ~/.bashrc. If they have this access, they're already inside the
security boundary you're trying to defend.
--
Colin Watson [cjwatson at ubuntu.com]
More information about the ubuntu-users
mailing list