ubuntu at tigershaunt.com
Tue Dec 17 18:41:24 UTC 2013
On 13-12-17 01:21 PM, Colin Watson wrote:
> On Mon, Dec 16, 2013 at 08:09:14PM -0500, Rashkae wrote:
>> On 13-12-16 06:56 PM, Bob wrote:
>>> I am fairly new to Linux so I have been reading "A Practical Guide to Linux
>>> Commands, Editors and Shell Programming", In the book they say that it is a
>>> security issue to place the working directory and/or the home directory at the
>>> front of the PATH. Is this true? If it is why does Ubuntu put the home
>>> directory first in the PATH?
>> That's a very good catch. My system also has the home bin
>> directories at the start of my PATH, something I never even though
>> to check!
>> Yes, it's true that this poses a security risk.
> No, it really doesn't. That directory is only writable by your user, so
> anyone who can write to that directory can also control your user in
> myriad other ways; for example they could use the exact same access to
> modify ~/.bashrc. If they have this access, they're already inside the
> security boundary you're trying to defend.
I already explained the attack method in the e-mail, which you
convenient cut out in you're reply, rather than address it. I agree it's
not something worth panicking over, but it's a very sloppy default
configuration for a distro.
More information about the ubuntu-users