registry team mailing list archive

Thread
Date

[Bug 684393] Re: $PATH discrepency when ~/bin exists

To: registry@xxxxxxxxxxxxxxxxxxx
From: Gerfried Fuchs <684393@xxxxxxxxxxxxxxxxxx>
Date: Wed, 08 Dec 2010 19:28:14 -0000
Reply-to: Bug 684393 <684393@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

   Hi!

 Actually I fail to see the security impact of this. If a user creates
the bin directory themself and put stuff  in there themself then it's on
their own intention, not? I really fail to see the security part of the
issue. Actually it makes sense to have ~/bin first in PATH to be able to
override system tools intentionally.

 I highly doubt that this will be changed on dubious reasoning and
actually wonder why it was forwarded to Debian.

 To be honest, if a malicious person is able to put an ls program into
~/bin of a user they are also able to change their ~/.profile and put
~/bin first in PATH again, so it gets no additional security, at all.

 Thanks,
Rhonda

-- 
You received this bug notification because you are a member of Registry
Administrators, which is the registrant for Debian.
https://bugs.launchpad.net/bugs/684393

Title:
  $PATH discrepency when ~/bin exists