Security question

Rashkae ubuntu at
Tue Dec 17 19:40:46 UTC 2013

On 13-12-17 01:55 PM, Paul Smith wrote:
> No, Colin is correct.  If the attacker can trick you into running
> something as your own account, hence adding content to ~/bin, then
> you've already lost.  There's no point to worrying about it.
> Note how Colin points out that the attacker can modify your ~/.bashrc...
> so they can add ~/bin to your PATH themselves!  Or they can set up
> aliases or shell functions to hide "sudo", "su", "ssh", etc.
> >From a "level of security" standpoint there's NO benefit (read:
> increased security) to not including ~/bin in PATH by default.
> ".", on the other hand, is a whole different story.

Allright, fair point.  But to clarify, I'm not suggesting removing ~/bin 
from the default PATH.  However, it should be added to the end of the 
path, not prepended to the system /bin /sbin.

More information about the ubuntu-users mailing list