From: L A Walsh
Subject: Re: Bash should reset OLDPWD upon login, *only*.
Date: Mon, 02 Oct 2017 17:07:01 -0700
User-agent: Thunderbird

Chet Ramey wrote:
> On 10/1/17 7:30 PM, L A Walsh wrote:
>> Only in the case of login -- the user CAN'T set it before they log in, but someone **could** have changed the system /etc/profile script to set OLDPWD to /hang (i.e. someone is behaving "maliciously").
>
> Login shells rarely get OLDPWD from the environment. How about checking OLDPWD only if it appears in the environment, which would avoid the set-maliciously-in-etc-profile problem? That is consistent with the current behavior for importing PWD.

That's fine w/me -- I was just concerned about a local DoS, if someone could "pollute" the login stuff. The run-time (in a session, not login) behavior(s) have to be "controlled" by the process that spawned bash -- I don't see how it could be easily justified to have bash changing ENV vars unexpectedly in mid-session, when the user has control via the parent process.

Hmm... there is a bash.bashrc in /etc.... I wonder if that's a problem. I wouldn't think it would be as much of a prob, as by default, I don't think it is called on @ login.

Either way, @ login or in bashrc -- it's a pretty remote possibility, so unless it could be made more serious than just a long delay or wait I'm not so sure how much effort should be invested. Certainly something to think about and be ready to change if something worse comes up.

I'll bet the win7-reboot on my cygwin install is limited to my machine given how its windows-install is limping (my event-recorder (syslogd) won't run and MS doesn't know why -- even running an "in-place" install/upgrade to reset things didn't fix it; only way to likely fix it is to start with a new system directory & registry which would also require a reinstall of all SW: Never something to look forward to).