It looks like it depends on the Debian version.

Not sure if I upgraded from 8 to 9 or started with a fresh install:

But that is not necessarily true. If stars align correctly a malicious actor could exploit a vulnerable webapp to drop a file while being unable to modify PATH for used logged in through shell. This is not a big deal, but it could make exploitation a tiny bit easier. Like always, balancing security and convenience.

I found why I could not see it
Its on my system in /etc/skel/.profile . ~/.profile is where all by aliases live. So /etc/skel/.profile is copied after new account is created to ~/.profile. First thing I do when I set up a new account is overwrite ~/.profile with my own so killing the change dead.

Its a hack in your shell configuration. If you using a shell that does not use .profile you don't have it either.

Just something extra has been added to my list to remove.

/etc/login.defs
Basically without .profile hacks you fall back to the login.defs. I was not thinking that this was just simple shell hacking.

If you can drop a file into ~/bin, you can probably also drop a file over the top of ~/.bashrc. Seriously, if the attacker already has the ability to write files to your home directory, it really doesn't matter what the default $PATH is... it won't help.

An attacker could also do this:
Maybe its better that we leave PATH permanently empty and always call our commands by path.

Glad to see that there's at least some developers out there with a brain to make some decent decisions, instead of all the pseudo security bullshit. And yes anyone who "hates" this change for "security" is exactly the pseudo security preacher I'm talking about, with no actual basis. Yes, if you think I'm talking about you (who reads this post), then I am.

I mean, look at this gem:...or, you know, just execute an_evil_script.sh DIRECTLY if he really had control and your user's privilege.

Really guys (not you, the others), drop this pseudo security bullshit mentality, ffs. Anyone who can "drop" files in .local/bin (which is under your user, so only you can acess) can already execute his fucking program, if he somehow managed to gain your user's privilege. Why would he round trip his exploit by dropping it there at all? Not to mention, he can modify your .profile to begin with, LOL.


Ah, I know you're wondering "but what if I use sudo and then I execute an_evil_script by mistake?" as a cop out. Sorry, sudo changes PATH and won't run your .local/bin, it will say program not found Pseudo security at its finest but I'm not surprised to see the same people worried about this change as usual.

Sure. I probably shouldn't have used shell to express myself here. If the attacker had no ability to run anything on the system but enough to add files and replace old ones like already suggested, they could replace .bashrc with their own version. That way they could add their script to the .bashrc and it could do anything they wish. (not limited to replacing ls).

My post was a reply to the issue of being able to replace ls. It had nothing to do with the fact that there are other more convenient ways of attacking.

The move to base of x86_64 CPUs is great. Lucky they even have an i686 port.

Well in this case it would be more of situation where the Window has already been open and you choose between half-open or fully-open. You can still get in, but in one case you have to give the window a little push before entering.

I guess you could use Flatpak around browsers to provide user-controlled filesystem isolation