Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > gnu.bash.bug > #12031
| From | up201407890@alunos.dcc.fc.up.pt |
|---|---|
| Newsgroups | gnu.bash.bug |
| Subject | Re: SHELLOPTS=xtrace security hardening |
| Date | 2015-12-16 15:33 +0100 |
| Message-ID | <mailman.14.1450276431.843.bug-bash@gnu.org> (permalink) |
| References | (4 earlier) <20151214173231.GA6524@chaz.gmail.com> <20151215003016.598611ow5f3lw4qo@webmail.alunos.dcc.fc.up.pt> <56701D21.3070700@case.edu> <20151215173342.GA12657@chaz.gmail.com> <567062DC.50209@case.edu> |
Quoting "Chet Ramey" <chet.ramey@case.edu>: > Which should not be affected by what we're talking about, which is not > importing PS4 from the environment when uid == 0. He later said "(Blocking PS4 and not SHELLOPTS=xtrace would work for me in that regard)". Still shows how useful xtrace is and how it is necessary. In this case, yes, blocking PS4 would be best when uid == 0. It could still be abused when something does setuid() to a uid other than 0 though, but obviously not as bad. ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.
Back to gnu.bash.bug | Previous | Next | Find similar
Re: SHELLOPTS=xtrace security hardening up201407890@alunos.dcc.fc.up.pt - 2015-12-16 15:33 +0100
csiph-web