From: up201407890@alunos.dcc.fc.up.pt
Newsgroups: gnu.bash.bug
Subject: Re: SHELLOPTS=xtrace security hardening
Date: Tue, 15 Dec 2015 00:30:16 +0100
To: "Stephane Chazelas"
Cc: bug-bash@gnu.org, Chet Ramey
In-Reply-To: <20151214173231.GA6524@chaz.gmail.com>
References: <20151210201649.126444eionzfsam8@webmail.alunos.dcc.fc.up.pt> <566DAFC6.4040407@case.edu> <20151213220817.GC7138@chaz.gmail.com> <20151214180113.169546iutu72yw9k@webmail.alunos.dcc.fc.up.pt> <20151214173231.GA6524@chaz.gmail.com>

Quoting "Stephane Chazelas":

I understand what you're saying. As much as we would like, there's no way of stopping all attack vectors by only hardening bash, not only that, but also taking away its useful features. Though I still believe PS4 shouldn't be imported from the environment.

> Should we also block SHELLOPTS=history
> HISTFILE=/some/file like /proc/$pid/fd/$fd and
> TZ=/proc/$pid/fd/$fd (like for your /bin/date command) as that
> allows DoS on other processes (like where those fds are for
> pipes).

Mind explaining this one?
I can't seem to write to HISTFILE in a non-interactive shell, or am I missing something?

Thanks.
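As an added example (not part of this thread or of bash itself), a small POSIX sh helper for the defensive side of the discussion: a probe that reports whether the installed bash honours SHELLOPTS=xtrace and PS4 from its environment, and a wrapper that runs bash scripts under an allowlisted environment so that SHELLOPTS, PS4, HISTFILE and TZ cannot be injected by whoever invokes them. It assumes env(1) with -i, printenv, and a bash binary on PATH; the KEEP_VARS name and the extra BASH_ENV/ENV entries are assumptions, and the probe's verdict depends on the bash version and on whether the shell is privileged.

```shell
#!/bin/sh
# Added example, not from the original post.

# probe_env_import: report whether the installed bash picks up
# SHELLOPTS=xtrace and PS4 from its environment when started
# non-interactively. env(1) is used because SHELLOPTS is read-only
# inside bash and cannot be set with the usual VAR=value prefix.
probe_env_import() {
    # ENVPROBE: is a constructed marker; if PS4 is imported and xtrace
    # is enabled, tracing ':' prints "ENVPROBE::" on stderr.
    out=$(env SHELLOPTS=xtrace PS4='ENVPROBE:' bash -c ':' 2>&1)
    case "$out" in
        *ENVPROBE:*) echo 'SHELLOPTS and PS4 imported' ;;
        '+ :')       echo 'SHELLOPTS imported, PS4 ignored' ;;
        '')          echo 'neither imported' ;;
        *)           echo "unexpected output: $out" ;;
    esac
}

# run_scrubbed: run `bash "$@"` with an allowlisted environment, so that
# SHELLOPTS, PS4, HISTFILE, TZ, BASH_ENV, ENV (and anything else the caller
# exported) are dropped. Names listed in KEEP_VARS (assumed name) are
# passed through in addition to PATH, HOME and LANG.
run_scrubbed() {
    set -- bash "$@"
    for v in PATH HOME LANG ${KEEP_VARS:-}; do
        # Pass through only variables that are actually exported.
        if printenv "$v" >/dev/null 2>&1; then
            set -- "$v=$(printenv "$v")" "$@"
        fi
    done
    # env -i starts from an empty environment; only the allowlist survives.
    env -i "$@"
}
```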