Security - Remove relative bin from $PATH #1544
Open
+1
−1
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Having ./bin in your PATH is extremely dangerous, and even moreso when it's the first entry and will override base system tools like `ls` . A different mechanism should be used for in-project executables. This PR removes the security hole without addressing ways to handle in-project executables.
|
my hunch is this is relative path that is assumed to be pointing to ~/.local/share/omarchy/bin |
Per a previous thread, the intended goal was to make it easy to run in-project executables.... I hope I don't actually have to lay out the trivial exploit to get attention on this. |
|
It's a duplicate of #481 |
Partially. #481 is trying to address providing the in-project bin and has completely stalled. The last comment from a developer is over a month ago. This much simpler PR is only addressing the security issue, which is trivial and obvious and if I'm being honest it's frustrating that it isn't being taken seriously. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Having ./bin in your PATH is extremely dangerous, and even moreso when it's the first entry and will override base system tools like
ls. A different mechanism should be used for in-project executables.This PR removes the security hole without addressing ways to handle in-project executables.