I was reading a Stack Exchange answer here about a connected topic, and part of the accepted answer said this:
never place user-writeable PATH elements ahead of those that can only be modified by root
Is this true? Is it dangerous to have /usr/local/bin ahead of /usr/bin in your PATH, due to /usr/local/bin being user-writeable?
The reason I ask is because my own PATH has /usr/local/bin ahead of /usr/bin; the reason being that I followed the advice of Homebrew (a third-party package manager for MacOS). They even give you a command (on this page) to make this change for all users. The purpose of this is that Homebrew installs its binaries to /usr/local/bin, so by putting it ahead of /usr/bin in the PATH, it allows you (and other applications) to access newer versions of binaries that you've installed through Homebrew into /usr/local/bin, instead of the (often outdated) default versions in /usr/bin included with MacOS.
The specific danger alleged by the guy I originally linked to is this:
[P]utting /usr/local/bin ahead of /usr/bin in the PATH ... would be a security hole since Homebrew gives ownership of that directory to your user. That permission change from the macOS default means that even an extremely unsophisticated malware could use this hole to get root privileges. All they'd have to do is add some other common command here like ls, then pass the commands through to /bin/ls until they see you've run it through sudo, then they take over.
I tried finding out the default PATH for MacOS. I think I changed mine with the command provided by Homebrew (follow link above to see it). So my new "default" PATH in MacOS has /usr/local/bin ahead of /usr/bin. But from searching, I think the stock PATH provided by Apple does actually have /usr/bin ahead of /usr/local/bin; the accepted answer here and the third answer here (the one by Mike Taber) seem to suggest this. From their answers, it looks like the default MacOS PATH is something like /usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/X11/bin, which I think would be impervious to the attack described above, right?
I think I understand the theory of the attack. But if it's right, then why is Homebrew recommending doing something which is apparently dangerous?
(EDIT: I just edited the order of these paragraphs because it wasn't in a logical order before)
TL;DR
Is it dangerous to have user-writeable directories like /usr/local/bin ahead of /usr/bin in your PATH, and if so, why does Homebrew (third-party package manager for MacOS) recommend it?
$HOME/bin directory for this. I am willing to live with the security risk of replacing one of the standard utilities, since /usr/local/bin is read-only to non-root users.
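As an added example (not part of the original question or its answers), this POSIX shell audit checks the PATH ordering discussed above: it lists every PATH directory that a non-root user can modify and that is searched before a root-only directory. The function names and the `TRUSTED_UID` variable are assumptions of this sketch, as is its definition of "user-writable" (owner is not `TRUSTED_UID`, or the group or other write bit is set).

```shell
#!/bin/sh
# Added example, not from the original thread.
# Assumption: a directory is "user-writable" when its owner is not
# TRUSTED_UID (default 0, root) or its group/other write bit is set.

# classify DIR -> prints "writable", "trusted" or "missing"
classify() {
    if [ ! -d "$1" ]; then echo missing; return 0; fi
    # -L follows symlinks (e.g. /bin -> usr/bin); -n prints the numeric owner.
    meta=$(ls -ldnL -- "$1" 2>/dev/null) || { echo missing; return 0; }
    mode=${meta%% *}
    uid=$(printf '%s\n' "$meta" | awk '{print $3}')
    if [ "$uid" != "${TRUSTED_UID:-0}" ]; then echo writable; return 0; fi
    case $mode in
        ?????w*|????????w*) echo writable ;;   # group- or world-writable
        *) echo trusted ;;
    esac
}

# audit_path PATHSTRING -> prints, one per line, every user-writable entry
# that is searched before at least one trusted-only directory.
audit_path() {
    rest=$1:
    pending=
    while [ -n "$rest" ]; do
        dir=${rest%%:*}
        rest=${rest#*:}
        [ -n "$dir" ] || dir=.      # an empty entry means the current directory
        case $(classify "$dir") in
            writable) pending="$pending$dir
" ;;
            trusted)  printf '%s' "$pending"; pending= ;;
        esac
    done
}

# Audit the PATH of the current shell.
audit_path "$PATH"
```

Empty output means no user-writable directory shadows a root-only one; entries that do not exist are skipped.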