Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > gnu.bash.bug > #12031
| Path | csiph.com!au2pb.net!feeder.erje.net!2.us.feeder.erje.net!news.glorb.com!usenet.stanford.edu!not-for-mail |
|---|---|
| From | up201407890@alunos.dcc.fc.up.pt |
| Newsgroups | gnu.bash.bug |
| Subject | Re: SHELLOPTS=xtrace security hardening |
| Date | Wed, 16 Dec 2015 15:33:25 +0100 |
| Lines | 23 |
| Approved | bug-bash@gnu.org |
| Message-ID | <mailman.14.1450276431.843.bug-bash@gnu.org> (permalink) |
| References | <20151210201649.126444eionzfsam8@webmail.alunos.dcc.fc.up.pt> <566DAFC6.4040407@case.edu> <20151213220817.GC7138@chaz.gmail.com> <20151214180113.169546iutu72yw9k@webmail.alunos.dcc.fc.up.pt> <20151214173231.GA6524@chaz.gmail.com> <20151215003016.598611ow5f3lw4qo@webmail.alunos.dcc.fc.up.pt> <56701D21.3070700@case.edu> <20151215173342.GA12657@chaz.gmail.com> <567062DC.50209@case.edu> |
| NNTP-Posting-Host | lists.gnu.org |
| Mime-Version | 1.0 |
| Content-Type | text/plain; charset=UTF-8; DelSp="Yes"; format="flowed" |
| Content-Transfer-Encoding | 7bit |
| X-Trace | usenet.stanford.edu 1450276431 11815 208.118.235.17 (16 Dec 2015 14:33:51 GMT) |
| X-Complaints-To | action@cs.stanford.edu |
| Cc | Stephane Chazelas <stephane.chazelas@gmail.com>, bug-bash@gnu.org |
| To | chet.ramey@case.edu |
| Envelope-to | bug-bash@gnu.org |
| In-Reply-To | <567062DC.50209@case.edu> |
| Content-Disposition | inline |
| User-Agent | Internet Messaging Program (IMP) H3 (4.2) |
| X-Virus-Scanned | amavisd-new at alunos.dcc.fc.up.pt |
| X-detected-operating-system | by eggs.gnu.org: GNU/Linux 2.6.x |
| X-Received-From | 193.136.39.109 |
| X-BeenThere | bug-bash@gnu.org |
| X-Mailman-Version | 2.1.14 |
| Precedence | list |
| List-Id | Bug reports for the GNU Bourne Again SHell <bug-bash.gnu.org> |
| List-Unsubscribe | <https://lists.gnu.org/mailman/options/bug-bash>, <mailto:bug-bash-request@gnu.org?subject=unsubscribe> |
| List-Archive | <http://lists.gnu.org/archive/html/bug-bash> |
| List-Post | <mailto:bug-bash@gnu.org> |
| List-Help | <mailto:bug-bash-request@gnu.org?subject=help> |
| List-Subscribe | <https://lists.gnu.org/mailman/listinfo/bug-bash>, <mailto:bug-bash-request@gnu.org?subject=subscribe> |
| Xref | csiph.com gnu.bash.bug:12031 |
Show key headers only | View raw
Quoting "Chet Ramey" <chet.ramey@case.edu>: > Which should not be affected by what we're talking about, which is not > importing PS4 from the environment when uid == 0. He later said "(Blocking PS4 and not SHELLOPTS=xtrace would work for me in that regard)". Still shows how useful xtrace is and how it is necessary. In this case, yes, blocking PS4 would be best when uid == 0. It could still be abused when something does setuid() to a uid other than 0 though, but obviously not as bad. ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.
Back to gnu.bash.bug | Previous | Next | Find similar
Re: SHELLOPTS=xtrace security hardening up201407890@alunos.dcc.fc.up.pt - 2015-12-16 15:33 +0100
csiph-web