From: "Boyd Stephen Smith Jr." <bss03@volumehost.net>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] bash wizardry needed: PATH and MANPATH grow and grow and grow
Date: Wed, 5 Jul 2006 14:33:42 -0500 [thread overview]
Message-ID: <200607051433.51500.bss03@volumehost.net> (raw)
In-Reply-To: <169ffc030606031411x5ad27411qf6620f2c7f739462@mail.gmail.com>
On Saturday 03 June 2006 16:11, znx <znxster@gmail.com> wrote about 'Re: [gentoo-user] bash wizardry needed: PATH and MANPATH grow and grow and grow':
> On 27/05/06, Kevin O'Gorman <kogorman@gmail.com> wrote:
> > Open to debate. I'd think it's not very dangerous at the *end* of
> > the PATH.
>
> True, I have modified the script so that a . may enter the PATH (etc)
> only as the final entry. Also good point about ~/bin .. it is just as
> dangerous.
Actually, it's not as dangerous. ~/bin is a well-known location that is
(normally) only writable by the user themselves. '.' is a floating
location, that may (from time to time) refer to a directory that is
world-writable like /tmp, /var/tmp, or /dev/shm.
Having '.' in your path allows arbitrary guest users to run programs with
your permissions. Putting it at the end of your PATH prevents them from
shadowing existing commands, but doesn't prevent them from taking
advantage of typos.
Having ~/bin or even just ~ in your PATH does not open this security hole
unless you also make that directory world writable.
--
"If there's one thing we've established over the years,
it's that the vast majority of our users don't have the slightest
clue what's best for them in terms of package stability."
-- Gentoo Developer Ciaran McCreesh
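The hijack described in the message above, as an added example that is not part of the original thread: a POSIX sh script that audits a PATH string for '.', for empty entries and for world-writable directories, then replays the typo hijack in a scratch directory that stands in for a world-writable /tmp. It goes one step beyond the message by also flagging empty PATH entries (a leading, trailing or doubled colon), which the shell treats exactly like '.'. The function names, the mistyped command 'gerp', and the reliance on mktemp, chmod, ls and cut are assumptions of this example, not anything from the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes POSIX sh plus mktemp, chmod,
# ls and cut. The function names and the typo'd command 'gerp' are invented
# for the demonstration.

# List the PATH entries that let someone other than you decide what runs.
# '.' and an empty entry (a leading, trailing or doubled ':') both mean the
# current directory, which floats with every cd; any other entry is flagged
# only if the directory is world-writable (sticky /tmp still counts: an
# attacker can create new files there, which is all a typo hijack needs).
path_risky_entries() {
    rest="${1-$PATH}:"          # sentinel ':' so a trailing empty entry is seen
    while [ -n "$rest" ]; do
        entry="${rest%%:*}"
        rest="${rest#*:}"
        case "$entry" in
            ''|.)
                printf '%s\trefers to the current directory\n' "${entry:-(empty)}" ;;
            *)
                # 9th column of the 'ls -l' mode string is the other-write bit
                if [ -d "$entry" ] && [ "$(ls -ldL "$entry" | cut -c9)" = w ]; then
                    printf '%s\tworld-writable\n' "$entry"
                fi ;;
        esac
    done
}

# Replay the hijack: a scratch directory stands in for a world-writable /tmp,
# and a planted 'gerp' stands in for a mistyped 'grep'. Prints "hijacked"
# when the planted file ran and "not found" when the shell refused the typo.
#   $1 = dot      -> PATH=$PATH:.   (the thread's "only as the final entry")
#   $1 = empty    -> PATH=$PATH:    (a bare trailing colon, same effect)
#   anything else -> PATH untouched
typo_hijack_demo() {
    case "$1" in
        dot)   suffix=':.' ;;
        empty) suffix=':'  ;;
        *)     suffix=''   ;;
    esac
    scratch=$(mktemp -d) || return 2
    chmod 1777 "$scratch"                       # like /tmp: sticky, world-writable
    marker="$scratch/owned"
    printf '#!/bin/sh\ntouch %s\n' "$marker" > "$scratch/gerp"   # the "guest" plants this
    chmod +x "$scratch/gerp"
    result=$(
        set +e                                  # a 127 must not abort the subshell
        cd "$scratch" || exit 2                 # the victim happens to be in /tmp
        PATH="$PATH$suffix"; export PATH
        gerp >/dev/null 2>&1                    # the typo
        if [ -e "$marker" ]; then echo hijacked; else echo "not found"; fi
    )
    rm -rf "$scratch"
    printf '%s\n' "$result"
}

# Stand-alone run: audit the current PATH, then replay all three variants.
path_risky_entries
for mode in dot empty none; do
    printf 'PATH suffix %-5s -> %s\n' "$mode" "$(typo_hijack_demo "$mode")"
done
```

With '.' as the last entry the planted file cannot shadow a real grep, exactly as the message says, but the mistyped name still resolves to it. The 'empty' variant matters for PATH-growing scripts like the one this thread is about: appending an unset variable with PATH=$PATH:$dir leaves a trailing colon, and the shell reads that empty entry as the current directory.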
Thread overview: 8+ messages
2006-05-21 22:56 [gentoo-user] bash wizardry needed: PATH and MANPATH grow and grow and grow Kevin O'Gorman
2006-05-23 20:06 ` znx
2006-05-24 14:58 ` Kevin O'Gorman
2006-05-26 1:27 ` znx
2006-05-27 2:52 ` Kevin O'Gorman
2006-06-03 21:11 ` znx
2006-07-05 19:33 ` Boyd Stephen Smith Jr. [this message]
2006-07-07 18:31 ` Kevin O'Gorman