
Re: [Help-stow] Installing without root privileges in /usr/local


From: enclair
Subject: Re: [Help-stow] Installing without root privileges in /usr/local
Date: Thu, 8 Mar 2012 03:01:21 +0100

On 6 March 2012 23:49, Adam Spiers <address@hidden> wrote:
> That should work fine, as per
>
> http://www.gnu.org/software/stow/manual/html_node/Compile_002dtime-vs-Install_002dtime.html#Compile_002dtime-vs-Install_002dtime

I don't understand this part.
 
> although you should be aware that this potentially reduces the
> security of the whole system to that of the user with access to
> /usr/local/stow.  If that user's account was compromised, and there
> was an existing symlink from /usr/local/bin/foo to
> /usr/local/stow/package/bin/foo, then the intruder would only need to
> replace the latter with a trojaned version and wait for it to be run
> in order to gain root access.

You mean "and wait for it to be run as root user", don't you?
For a system with only one user, the security should be the same as installing in $HOME/local, shouldn't it?


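Added example, not part of the original thread or of GNU Stow: a Python audit for the condition described in the quoted warning, where a symlink in /usr/local/bin resolves to a file that a non-root account can replace. The function names and the `trusted_uids` and `stop_at` parameters are hypothetical, and the default assumes root (uid 0) is the only trusted owner.

```python
import os
import stat

def writable_by_untrusted(path, trusted_uids):
    """Return a reason string if an account outside trusted_uids can modify path."""
    st = os.stat(path)
    if st.st_uid not in trusted_uids:
        return f"owned by uid {st.st_uid}"
    # A sticky directory (like /tmp) stops users replacing entries they do not own.
    sticky_dir = stat.S_ISDIR(st.st_mode) and st.st_mode & stat.S_ISVTX
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH) and not sticky_dir:
        return f"group/world-writable (mode {stat.S_IMODE(st.st_mode):o})"
    return None

def audit_symlinks(bin_dir, trusted_uids=frozenset({0}), stop_at="/"):
    """For each symlink in bin_dir, walk from its resolved target up through the
    parent directories to stop_at and report the first path an untrusted account
    could modify. Returns a list of (link, target, risky_path, reason)."""
    stop_at = os.path.realpath(stop_at)
    findings = []
    for name in sorted(os.listdir(bin_dir)):
        link = os.path.join(bin_dir, name)
        if not os.path.islink(link):
            continue
        target = os.path.realpath(link)
        if not os.path.exists(target):
            findings.append((link, target, target, "dangling symlink"))
            continue
        path = target
        while True:
            reason = writable_by_untrusted(path, trusted_uids)
            if reason:
                findings.append((link, target, path, reason))
                break
            if path == stop_at or path == os.path.dirname(path):
                break
            path = os.path.dirname(path)
    return findings

if __name__ == "__main__":
    # Report every /usr/local/bin symlink whose target chain is not root-controlled.
    for link, target, risky, reason in audit_symlinks("/usr/local/bin"):
        print(f"{link} -> {target}: {risky} is {reason}")
```

A writable parent directory is reported as well as a writable target, because write access to any directory on the path is enough to swap in a different file.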