| From | Stephane Chazelas <stephane.chazelas@gmail.com> |
|---|---|
| Newsgroups | gnu.bash.bug |
| Subject | Re: SHELLOPTS=xtrace security hardening |
| Date | Tue, 15 Dec 2015 17:33:42 +0000 |
| Message-ID | <mailman.2177.1450200833.31583.bug-bash@gnu.org> (permalink) |
| References | <20151210201649.126444eionzfsam8@webmail.alunos.dcc.fc.up.pt> <566DAFC6.4040407@case.edu> <20151213220817.GC7138@chaz.gmail.com> <20151214180113.169546iutu72yw9k@webmail.alunos.dcc.fc.up.pt> <20151214173231.GA6524@chaz.gmail.com> <20151215003016.598611ow5f3lw4qo@webmail.alunos.dcc.fc.up.pt> <56701D21.3070700@case.edu> |
| Cc | up201407890@alunos.dcc.fc.up.pt, bug-bash@gnu.org |
| To | Chet Ramey <chet.ramey@case.edu> |
| In-Reply-To | <56701D21.3070700@case.edu> |

2015-12-15 09:01:05 -0500, Chet Ramey:
> On 12/14/15 6:30 PM, up201407890@alunos.dcc.fc.up.pt wrote:
> > Quoting "Stephane Chazelas" <stephane.chazelas@gmail.com>:
> >
> > I understand what you're saying.
> > As much as we would like, there's no way of stopping all attack vectors by
> > only hardening bash, not only that, but also taking away its useful features.
> > Though I still believe PS4 shouldn't be imported from the environment.
>
> Maybe if running with uid 0.
[...]

FWIW, my use case for SHELLOPTS=xtrace is often for uid 0:

  SHELLOPTS=xtrace dpkg -i file.deb
  (debug installation scripts)
  SHELLOPTS=xtrace grub-install /dev/vda
  ...

(Blocking PS4 and not SHELLOPTS=xtrace would work for me in that regard).

-- 
Stephane
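
A wrapper in the spirit of the compromise mentioned in the post above (keep SHELLOPTS=xtrace, block PS4), as an added example that is not part of the original message or of bash itself. `xtrace_run` is a hypothetical name, and the traced command is assumed to be, or to invoke, a bash script.

```shell
# Added example (not from the thread): run a command with bash tracing
# enabled through the environment, but never pass on a PS4 inherited
# from the caller. xtrace_run is a hypothetical helper name.
xtrace_run() {
    if [ "$#" -eq 0 ]; then
        echo "usage: xtrace_run command [args...]" >&2
        return 2
    fi
    (
        # Tell the operator when an exported PS4 is being discarded.
        if env | grep -q '^PS4='; then
            echo "xtrace_run: dropping PS4 inherited from the environment" >&2
        fi
        # Remove PS4 from this subshell's environment, so any bash
        # started below falls back to its built-in default prompt "+ ".
        unset PS4
        # SHELLOPTS is read by bash at startup; xtrace turns on tracing
        # in every bash script the command runs.
        exec env SHELLOPTS=xtrace "$@"
    )
}

# Usage, mirroring the commands in the post:
#   xtrace_run dpkg -i file.deb
#   xtrace_run grub-install /dev/vda
```

The caller's own shell is untouched: PS4 is only unset inside the subshell that executes the command.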