Security question

[Rashkae]

On 13-12-17 01:21 PM, Colin Watson wrote:
> On Mon, Dec 16, 2013 at 08:09:14PM -0500, Rashkae wrote:
>> On 13-12-16 06:56 PM, Bob wrote:
>>> I am fairly new to Linux so I have been reading "A Practical Guide to Linux
>>> Commands, Editors and Shell Programming",  In the book they say that it is a
>>> security issue to place the working directory and/or the home directory at the
>>> front of the PATH.  Is this true?  If it is why does Ubuntu put the home
>>> directory first in the PATH?
>> That's a very good catch.  My system also has the home bin
>> directories at the start of my PATH, something I never even though
>> to check!
>>
>> Yes, it's true that this poses a security risk.
> No, it really doesn't.  That directory is only writable by your user, so
> anyone who can write to that directory can also control your user in
> myriad other ways; for example they could use the exact same access to
> modify ~/.bashrc.  If they have this access, they're already inside the
> security boundary you're trying to defend.
>

I already explained the attack method in the e-mail, which you 
convenient cut out in you're reply, rather than address it. I agree it's 
not something worth panicking over, but it's a very sloppy default 
configuration for a distro.