Bug #257... what do we do ?
Benedikt Meurer
benedikt.meurer at unix-ag.uni-siegen.de
Wed Jul 21 20:01:11 CEST 2004
Olivier wrote:
> On Wed, 2004-07-21 at 16:28, Benedikt Meurer wrote:
>
>>>I fear that adding ~/local/bin to the path could be a potential security
>>>risk...
>>
>>Could you please explain what you mean exactly?
>
>
> I mean that adding a directory located within user's dir could lead to
> a security issue, as executables could be placed there maliciously (a
> bit like adding "." to the PATH).
> I am not in favour of changing user's PATH on his behalf.
Ok, that's a good point. It was just to make installing software locally
easier for the user. But if you look at the current startxfce4 script,
there's also a potential security risk: An attacker could just copy
/etc/xfce4/xinitrc to ~/.xfce4/xinitrc, add malicious code and mark it
executable and...
> Cheers,
> Olivier.
Benedikt
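
Added example, not part of the original message or of startxfce4: a POSIX shell check for the PATH concern raised in this thread, flagging entries that are relative (like "."), that sit inside the user's home directory (like ~/local/bin), or that are group- or world-writable. The function name `audit_path` and the finding labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example: flag PATH entries that let someone other than root decide
# which binary a bare command name runs. Not taken from startxfce4.

# audit_path PATH_STRING [HOME_DIR]  -> prints "<finding>: <entry>" lines
audit_path() {
    ap_list="$1:"            # trailing ":" keeps a final empty entry
    ap_home=${2:-$HOME}
    ap_ifs=$IFS
    IFS=:
    set -f                   # no globbing while the list is split
    for ap_dir in $ap_list; do
        case $ap_dir in
            /*) ;;
            *)  # "" and "." both mean the current directory
                printf 'relative: %s\n' "${ap_dir:-(empty)}"
                continue ;;
        esac
        if [ -n "$ap_home" ]; then
            case $ap_dir in
                "$ap_home"|"$ap_home"/*)
                    printf 'in-home: %s\n' "$ap_dir" ;;
            esac
        fi
        [ -d "$ap_dir" ] || continue
        # Mode string from ls: char 6 is group write, char 9 is other write.
        ap_mode=$(ls -ldL -- "$ap_dir")
        case $ap_mode in
            ?????w*|????????w*)
                printf 'writable-by-others: %s\n' "$ap_dir" ;;
        esac
    done
    set +f
    IFS=$ap_ifs
}

# Stand-alone use: audit the PATH of the current session.
audit_path "$PATH"
```
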