Re: Where should I put my own perl command scripts ?



Bit Twister wrote:

On Tue, 20 Nov 2007 03:47:06 GMT, Robert M. Riches Jr. wrote:

Nonsense. $HOME/bin should be _before_ the other paths.

Downside is, the security hole which that provides the black hat. Bad
juju can happen thereafter.

What "security hole"??

If you allow users to execute their own code at all they can short
circuit any command and/or run anything they want anyway. The $PATH has
absolutely nothing to do with it. If you allow them to set the executable
bit they're golden.

The security comes from isolating their privileges so all they can muck
up is stuff they own, not from keeping them from intercepting common
system programs and substituting their own. Even attempting to restrict
the latter without flatly disallowing execution of *all* self-installed
executable files is an exercise in silliness.

Put the user's $HOME/bin in the path first, where it belongs, and let
them replace/rewrite whatever the heck they want. The only thing putting
it last in the path accomplishes is making users who don't care to fix it
back to proper with a simple EXPORT or .*rc file edit have to type full
path names to run their own code. :(

If a user creates $HOME/bin/ls, it's because said user wants to work
around some failing of the system-supplied version.

User can alias the broken command to run their own copy without the
bigger danger of placing their path ahead of system.

Bah! There's no difference. Certainly no additional danger. If you let
them alias to their own commands they have the exact same facility to do
damage as they would "replacing" system wide executables with their own
like named files using the $PATH. They also have the ability to set their
$PATH to any blessed thing they please anyway. ;)
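Resolution order along $PATH, as an added example that is not from this thread: the functions take a PATH string, a home directory and a command name supplied by the caller (so nothing here reads the real $PATH) and show which copy of the command the shell would run and which later copies it shadows, which is the whole of what putting $HOME/bin first or last changes.

```shell
#!/bin/sh
# Added example, not from the thread. Walk PATH_STRING in order exactly as the
# shell does and show which directory wins for CMD and which later copies it
# shadows. Paths and files are constructed by the caller.

# Print the first directory in PATH_STRING that holds an executable named CMD.
# Prints nothing and returns 1 when no entry holds it.
path_first_match() {
    _path="$1"; _cmd="$2"
    _old_ifs="$IFS"; IFS=:
    for _dir in $_path; do
        # An empty element (as in "a::b") means the current directory.
        [ -n "$_dir" ] || _dir="."
        if [ -f "$_dir/$_cmd" ] && [ -x "$_dir/$_cmd" ]; then
            IFS="$_old_ifs"
            printf '%s\n' "$_dir"
            return 0
        fi
    done
    IFS="$_old_ifs"
    return 1
}

# Report every copy of CMD along PATH_STRING, marking the one that runs and
# the shadowed ones. Returns 0 when the winner lives under HOME_DIR (the
# user's own copy is what runs), 1 otherwise.
path_shadow_report() {
    _path="$1"; _home="$2"; _cmd="$3"
    _winner=$(path_first_match "$_path" "$_cmd") || {
        printf '%s: not found on PATH\n' "$_cmd"; return 1; }
    _old_ifs="$IFS"; IFS=:
    for _dir in $_path; do
        [ -n "$_dir" ] || _dir="."
        if [ -f "$_dir/$_cmd" ] && [ -x "$_dir/$_cmd" ]; then
            if [ "$_dir" = "$_winner" ]; then
                printf 'runs:     %s/%s\n' "$_dir" "$_cmd"
            else
                printf 'shadowed: %s/%s\n' "$_dir" "$_cmd"
            fi
        fi
    done
    IFS="$_old_ifs"
    case "$_winner" in
        "$_home"/*) return 0 ;;
        *)          return 1 ;;
    esac
}
```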


