Re: SHELLOPTS=xtrace security hardening

[Chet Ramey]

On 12/15/15 12:33 PM, Stephane Chazelas wrote:
> 2015-12-15 09:01:05 -0500, Chet Ramey:
>> On 12/14/15 6:30 PM, up201407890@alunos.dcc.fc.up.pt wrote:
>>> Quoting "Stephane Chazelas" <stephane.chazelas@gmail.com>:
>>>
>>> I understand what you're saying.
>>> As much as we would like, there's no way of stopping all attack vectors by
>>> only hardening bash, not only that, but also taking away its useful 
>>> features.
>>> Though I still believe PS4 shouldn't be imported from the environment.
>>
>> Maybe if running with uid 0.
> [...]
> 
> FWIW, my use case for SHELLOPTS=xtrace is often for uid 0:

Which should not be affected by what we're talking about, which is not
importing PS4 from the environment when uid == 0.

-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
                 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU    chet@case.edu    http://cnswww.cns.cwru.edu/~chet/