Re: SHELLOPTS=xtrace security hardening
From: up201407890
Subject: Re: SHELLOPTS=xtrace security hardening
Date: Tue, 15 Dec 2015 17:37:47 +0100
User-agent: Internet Messaging Program (IMP) H3 (4.2)
Quoting "Stephane Chazelas" <stephane.chazelas@gmail.com>:
I don't know if you can make a non-interactive bash write to the
$HISTFILE, but bash, even when non-interactive, even when called
as sh, with SHELLOPTS=history will *read* the HISTFILE.
Thanks for clearing that up for me. Makes sense.
Quoting "Chet Ramey" <chet.ramey@case.edu>:
I understand what you're saying.
As much as we would like, there's no way of stopping all attack vectors by
only hardening bash, not only that, but also taking away its useful
features.
Though I still believe PS4 shouldn't be imported from the environment.
Maybe if running with uid 0.
That's something to think about.
You just need to enable history (set -o history). History is independent
of whether or not the shell is interactive; it's just enabled by default
in interactive shells.
Doing a "set -o history" didn't work for me, only when I added a
"history -a", e.g.:
$ cat test.sh
#!/bin/bash
set -o history
HISTFILE="/tmp/history"
HISTSIZE="1000"
printf 'something\n'
$ ./test.sh
something
$ ls /tmp/history
ls: cannot access /tmp/history: No such file or directory
$ echo history -a >> test.sh
$ ./test.sh
something
$ ls /tmp/history
/tmp/history
$ cat !$
HISTFILE="/tmp/history"
HISTSIZE="1000"
printf 'something\n'
history -a
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
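
A defensive wrapper for the concern raised in this thread, added here as an example and not part of the original message or of bash itself: it reports which shell-influencing variables a child shell would inherit and runs a command with them removed. The function names are hypothetical; SHELLOPTS, PS4 and HISTFILE come from the thread, while BASHOPTS, BASH_ENV and ENV are further startup variables included as an assumption.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# SHELLOPTS, PS4 and HISTFILE are the variables discussed in the message;
# BASHOPTS, BASH_ENV and ENV are further startup variables added here.
RISKY_SHELL_VARS="SHELLOPTS BASHOPTS PS4 HISTFILE BASH_ENV ENV"

# Print the name of every risky variable present in the exported
# environment, i.e. what a child shell would inherit. awk's ENVIRON
# reflects exactly the environment awk itself was started with.
risky_shell_vars() {
    awk -v names="$RISKY_SHELL_VARS" 'BEGIN {
        n = split(names, v, " ")
        for (i = 1; i <= n; i++)
            if (v[i] in ENVIRON) print v[i]
    }'
}

# Run "$@" with those variables removed from its environment.
# env -u is used because bash marks SHELLOPTS readonly, so a plain
# "unset SHELLOPTS" fails there. The function body is a subshell, so
# neither "set --" nor "exec" affects the caller.
run_scrubbed() (
    found=$(risky_shell_vars | tr '\n' ' ')
    [ -z "$found" ] || printf 'run_scrubbed: dropping %s\n' "$found" >&2
    for name in $RISKY_SHELL_VARS; do
        set -- -u "$name" "$@"     # prepend "-u NAME" for each variable
    done
    exec env "$@"
)
```

A privileged wrapper would call it as `run_scrubbed /path/to/script args...`; the message on stderr records what the caller tried to pass in.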