Web lists-archives.com

Re: Why debian put ~/bin beginning of $PATH




spp mg [2017-08-09 04:56:58+08] wrote:

> For example , some guy put a "rm" but named "ls" to ~/bin . This "ls"
> can be virus or ransomware , user may not know it's not which he
> want("ls").

The "some guy" who does that will also modify the ~/.profile file or
similar startup scripts to _ensure_ that their program is in the
beginning of the PATH, no matter what the PATH variable was originally.

If $USER has a malicious program running with their $UID the program can
do everything the $USER can do. It's a game over situation and default
settings in ~/.profile or similar do not matter.

But sometimes it may be useful to write a root-owner startup script (one
example: /etc/X11/Xsession.d/50custom-stuff) which could do something
like

    rm --force "$HOME/bin"
    cp --recursive --force /etc/skel/. "$HOME"

so that some default files are restored at every login.

-- 
/// Teemu Likonen   - .-..   <https://keybase.io/tlikonen> //
// PGP: 4E10 55DC 84E9 DFF6 13D7 8557 719D 69D3 2453 9450 ///

Attachment: signature.asc
Description: PGP signature