[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SHELLOPTS=xtrace security hardening
From: |
up201407890 |
Subject: |
Re: SHELLOPTS=xtrace security hardening |
Date: |
Wed, 16 Dec 2015 15:33:25 +0100 |
User-agent: |
Internet Messaging Program (IMP) H3 (4.2) |
Quoting "Chet Ramey" <chet.ramey@case.edu>:
Which should not be affected by what we're talking about, which is not
importing PS4 from the environment when uid == 0.
He later said "(Blocking PS4 and not SHELLOPTS=xtrace would work for
me in that
regard)".
Still shows how useful xtrace is and how it is necessary.
In this case, yes, blocking PS4 would be best when uid == 0.
It could still be abused when something does setuid() to a uid other
than 0 though, but obviously not as bad.
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
- Re: SHELLOPTS=xtrace security hardening, (continued)
- Re: SHELLOPTS=xtrace security hardening, Stephane Chazelas, 2015/12/15
- Re: SHELLOPTS=xtrace security hardening, up201407890, 2015/12/15
- Re: SHELLOPTS=xtrace security hardening, Chet Ramey, 2015/12/15
- Re: SHELLOPTS=xtrace security hardening, up201407890, 2015/12/15
- Re: SHELLOPTS=xtrace security hardening, Chet Ramey, 2015/12/16
- Re: SHELLOPTS=xtrace security hardening, Chet Ramey, 2015/12/15
- Re: SHELLOPTS=xtrace security hardening, Stephane Chazelas, 2015/12/15
- Re: SHELLOPTS=xtrace security hardening, Chet Ramey, 2015/12/15
- Re: SHELLOPTS=xtrace security hardening, Stephane Chazelas, 2015/12/15
- Re: SHELLOPTS=xtrace security hardening, Chet Ramey, 2015/12/15
- Re: SHELLOPTS=xtrace security hardening,
up201407890 <=