registry team mailing list archive

Thread
Date

registry team
Mailing list archive
Message #30592

[Bug 684393] Re: $PATH discrepency when ~/bin exists

To: registry@xxxxxxxxxxxxxxxxxxx
From: CharlesA <684393@xxxxxxxxxxxxxxxxxx>
Date: Wed, 08 Dec 2010 19:55:55 -0000
Reply-to: Bug 684393 <684393@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

If someone was able to access the box, create ~/bin and then drop a
malicious script in there, then what would stop them from editing files
that the user owns? Nothing.

It seems it's something specific to Debian, as a CentOS 5.5 box I have
doesn't have anything like that in .bashrc.

I can understand the convenience factor, if you place a different
executable there, since it's first in $PATH, but if you are doing that,
why not just edit $PATH manually?

-- 
You received this bug notification because you are a member of Registry
Administrators, which is the registrant for Debian.
https://bugs.launchpad.net/bugs/684393

Title:
  $PATH discrepency when ~/bin exists