On Sat, Apr 14, 2012 at 10:55:07AM -0400, Ted Unangst wrote:
> On Fri, Apr 13, 2012, Peter J. Philipp wrote:
> > This probably saw some debate in the past, which I did not see. On my IRC
> > channel it is consensus that the path given out is dangerous.
> Why? The whole point of putting home first is so you can override
> system software. If there are dangerous binaries appearing in your
> home directory without your knowledge, you have bigger problems.
Also, if you override them with something that's not compatible, you're
doing It Wrong.
And, all critical system software that absolutely MUST have one specific
program first is either using the full path, or setting PATH themselves.
(or they're Doing It Wrong).
I will add to Tedu's comment:
if you *think* having $HOME/bin first in your path is a security risk,
there's something completely wacky about your approach to Unix. You
should reevaluate, and possibly try to understand how the environment,
PATH, and rights relate to each other.
I can see no scenario where a problem in that area is not an indication
of a much graver problem, such as somebody abusing the basics of Unix