> does NOT improve security at all
Reason why it does: all the other paths in PATH by default are root-writeable only. If a personal ~/bin folder is at the front by default, all it takes for someone to exploit you is to e.g. get you to unpack an archive in your HOME that has
a) the files you wanted and
also b) a ./bin folder containing a `cd` program, for example.
Installing a persistent override of common system commands only requires user-level access with your ~/bin at the front of PATH.
Yes, you still only need user-level access to add a line to someone's bash profiles to add ~/bin (or any other folder) to the start of PATH. But it's one more little thing to overcome. It might be the difference between you getting pwned or not. Adding a line to the bash profile elevates the difficulty from just tricking a user into plonking files on the filesystem to editing them.
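
An audit for the condition discussed in the comment above, added here as an example and not part of the original comment: it walks a PATH string in order and reports every executable in a directory the current user can write to that takes precedence over a same-named executable in a later entry. The function name `path_shadows` is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original comment).
# Reports executables in user-writable PATH directories that shadow a
# same-named executable found later in the search order.
# Run it as the ordinary user: for root, -w is true for every directory.

# path_shadows PATHSTRING
# Prints one "shadowing_file -> shadowed_file" line per finding.
path_shadows() {
    rest=$1:                                  # trailing ':' terminates the last entry
    while [ -n "$rest" ]; do
        dir=${rest%%:*}; rest=${rest#*:}      # pop the first entry
        [ -n "$dir" ] || dir=.                # an empty entry means the current directory
        # Only directories this user can drop files into are of interest.
        [ -d "$dir" ] && [ -w "$dir" ] || continue
        for f in "$dir"/*; do
            [ -f "$f" ] && [ -x "$f" ] || continue
            name=${f##*/}
            later_dirs=$rest                  # entries searched after $dir
            while [ -n "$later_dirs" ]; do
                d=${later_dirs%%:*}; later_dirs=${later_dirs#*:}
                [ -n "$d" ] || d=.
                if [ -f "$d/$name" ] && [ -x "$d/$name" ]; then
                    printf '%s -> %s\n' "$f" "$d/$name"
                    break                     # report the first command it hides
                fi
            done
        done
    done
}

# Audit the PATH given as the first argument, or the current one.
path_shadows "${1:-$PATH}"
```

An empty result means no user-writable directory currently overrides a command found later in PATH; any line printed is a file worth inspecting by hand.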