[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SHELLOPTS=xtrace security hardening
From: |
up201407890 |
Subject: |
Re: SHELLOPTS=xtrace security hardening |
Date: |
Tue, 15 Dec 2015 00:30:16 +0100 |
User-agent: |
Internet Messaging Program (IMP) H3 (4.2) |
Quoting "Stephane Chazelas" <stephane.chazelas@gmail.com>:
I understand what you're saying.
As much as we would like, there's no way of stopping all attack
vectors by only hardening bash, not only that, but also taking away
its useful features.
Though I still believe PS4 shouldn't be imported from the environment.
Should we also block SHELLOPTS=history
HISTFILE=/some/file like /proc/$pid/fd/$fd and
TZ=/proc/$pid/fd/$fd (like for your /bin/date command) as that
allows DoS on other processes (like where those fds are for
pipes).
Mind explaining this one?
I can't seem to write to HISTFILE in a non-interactive shell, or am i
missing something?
Thanks.
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
- SHELLOPTS=xtrace security hardening, up201407890, 2015/12/10
- Re: SHELLOPTS=xtrace security hardening, Stephane Chazelas, 2015/12/10
- Re: SHELLOPTS=xtrace security hardening, up201407890, 2015/12/11
- Re: SHELLOPTS=xtrace security hardening, Chet Ramey, 2015/12/13
- Re: SHELLOPTS=xtrace security hardening, up201407890, 2015/12/13
- Re: SHELLOPTS=xtrace security hardening, Stephane Chazelas, 2015/12/13
- Re: SHELLOPTS=xtrace security hardening, up201407890, 2015/12/14
- Re: SHELLOPTS=xtrace security hardening, Stephane Chazelas, 2015/12/14
- Re: SHELLOPTS=xtrace security hardening,
up201407890 <=
- Re: SHELLOPTS=xtrace security hardening, Stephane Chazelas, 2015/12/15
- Re: SHELLOPTS=xtrace security hardening, up201407890, 2015/12/15
- Re: SHELLOPTS=xtrace security hardening, Chet Ramey, 2015/12/15
- Re: SHELLOPTS=xtrace security hardening, up201407890, 2015/12/15
- Re: SHELLOPTS=xtrace security hardening, Chet Ramey, 2015/12/16
- Re: SHELLOPTS=xtrace security hardening, Chet Ramey, 2015/12/15
- Re: SHELLOPTS=xtrace security hardening, Stephane Chazelas, 2015/12/15
- Re: SHELLOPTS=xtrace security hardening, Chet Ramey, 2015/12/15
- Re: SHELLOPTS=xtrace security hardening, Stephane Chazelas, 2015/12/15
- Re: SHELLOPTS=xtrace security hardening, Chet Ramey, 2015/12/15