Bug #257... what do we do ?

Benedikt Meurer benedikt.meurer at unix-ag.uni-siegen.de
Wed Jul 21 20:01:11 CEST 2004

Olivier wrote:
> On Wed, 2004-07-21 at 16:28, Benedikt Meurer wrote:
>>>I fear that adding ~/local/bin to the path could be a potential security
>>Could you please explain what you mean exactly?
> I mean that adding a directory located within user's dir, could lead to
> a security issue, as executables could be placed there maliciously (a
> bit like adding "." to the PATH)
> I am not in favour of changing user's PATH on his behalf.

Ok, thats a good point. It was just to make installing software locally 
easier for the user. But if you look at the current startxfce4 script, 
theres also a potential security risk: An attacker could just copy 
/etc/xfce4/xinitrc to ~/.xfce4/xinitrc, add malicous code and mark it 
executable and...

> Cheers,
> Olivier.


More information about the Xfce4-dev mailing list