[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SHELLOPTS=xtrace security hardening
From: |
Stephane Chazelas |
Subject: |
Re: SHELLOPTS=xtrace security hardening |
Date: |
Tue, 15 Dec 2015 17:33:42 +0000 |
User-agent: |
Mutt/1.5.21 (2010-09-15) |
2015-12-15 09:01:05 -0500, Chet Ramey:
> On 12/14/15 6:30 PM, up201407890@alunos.dcc.fc.up.pt wrote:
> > Quoting "Stephane Chazelas" <stephane.chazelas@gmail.com>:
> >
> > I understand what you're saying.
> > As much as we would like, there's no way of stopping all attack vectors by
> > only hardening bash, not only that, but also taking away its useful
> > features.
> > Though I still believe PS4 shouldn't be imported from the environment.
>
> Maybe if running with uid 0.
[...]
FWIW, my use case for SHELLOPTS=xtrace is often for uid 0:
SHELLOPTS=xtrace dpkg -i file.deb
(debug installation scripts)
SHELLOPTS=xtrace grub-install /dev/vda
...
(Blocking PS4 and not SHELLOPTS=xtrace would work for me in that
regard).
--
Stephane
- Re: SHELLOPTS=xtrace security hardening, (continued)
- Re: SHELLOPTS=xtrace security hardening, Stephane Chazelas, 2015/12/14
- Re: SHELLOPTS=xtrace security hardening, up201407890, 2015/12/14
- Re: SHELLOPTS=xtrace security hardening, Stephane Chazelas, 2015/12/15
- Re: SHELLOPTS=xtrace security hardening, up201407890, 2015/12/15
- Re: SHELLOPTS=xtrace security hardening, Chet Ramey, 2015/12/15
- Re: SHELLOPTS=xtrace security hardening, up201407890, 2015/12/15
- Re: SHELLOPTS=xtrace security hardening, Chet Ramey, 2015/12/16
- Re: SHELLOPTS=xtrace security hardening, Chet Ramey, 2015/12/15
- Re: SHELLOPTS=xtrace security hardening, Stephane Chazelas, 2015/12/15
- Re: SHELLOPTS=xtrace security hardening, Chet Ramey, 2015/12/15
- Re: SHELLOPTS=xtrace security hardening,
Stephane Chazelas <=
- Re: SHELLOPTS=xtrace security hardening, Chet Ramey, 2015/12/15
- Re: SHELLOPTS=xtrace security hardening, up201407890, 2015/12/16