
Re: SHELLOPTS=xtrace security hardening

From Stephane Chazelas <stephane.chazelas@gmail.com>
Newsgroups gnu.bash.bug
Subject Re: SHELLOPTS=xtrace security hardening
Date 2015-12-15 17:33 +0000
Message-ID <mailman.2177.1450200833.31583.bug-bash@gnu.org>
References (2 earlier) <20151213220817.GC7138@chaz.gmail.com> <20151214180113.169546iutu72yw9k@webmail.alunos.dcc.fc.up.pt> <20151214173231.GA6524@chaz.gmail.com> <20151215003016.598611ow5f3lw4qo@webmail.alunos.dcc.fc.up.pt> <56701D21.3070700@case.edu>



2015-12-15 09:01:05 -0500, Chet Ramey:
> On 12/14/15 6:30 PM, up201407890@alunos.dcc.fc.up.pt wrote:
> > Quoting "Stephane Chazelas" <stephane.chazelas@gmail.com>:
> > 
> > I understand what you're saying.
> > As much as we would like, there's no way of stopping all attack vectors by
> > only hardening bash, not only that, but also taking away its useful features.
> > Though I still believe PS4 shouldn't be imported from the environment.
> 
> Maybe if running with uid 0.
[...]

FWIW, my use case for SHELLOPTS=xtrace is often for uid 0:

SHELLOPTS=xtrace dpkg -i file.deb

(debug installation scripts)

SHELLOPTS=xtrace grub-install /dev/vda
...

(Blocking PS4 and not SHELLOPTS=xtrace would work for me in that
regard).

-- 
Stephane
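
The policy proposed in the message above (keep SHELLOPTS=xtrace, block PS4), applied on the caller's side as an added example that is not part of the original post or of bash. The function names, the SAFE_PS4 variable and the deliberately conservative character check are assumptions made for illustration.

```sh
# Added example; function names and SAFE_PS4 are assumptions, not bash features.
SAFE_PS4='+ '   # fixed literal prompt (same text as the shell's default)

# Succeed only if the value holds none of the characters that make the shell
# do work when it expands PS4: '$', backquote, backslash. Conservative: a
# harmless '$LINENO' is rejected too.
ps4_is_literal() {
    case $1 in
        *'$'*|*'`'*|*'\'*) return 1 ;;
    esac
    return 0
}

# Print the PS4 the traced command will be given.
choose_ps4() {
    if [ -n "${PS4+set}" ] && ps4_is_literal "$PS4"; then
        printf '%s' "$PS4"
    else
        echo 'xtrace_run: PS4 unset or not literal, using default' >&2
        printf '%s' "$SAFE_PS4"
    fi
}

# Run a command with tracing enabled in any bash it starts, without passing
# an expandable PS4 along. env(1) is used because SHELLOPTS is read-only
# inside bash itself.
xtrace_run() {
    env PS4="$(choose_ps4)" SHELLOPTS=xtrace "$@"
}

# Usage, with the commands from the message above:
#   xtrace_run dpkg -i file.deb
#   xtrace_run grub-install /dev/vda
```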
