bug-bash

Re: SHELLOPTS=xtrace security hardening


From: up201407890
Subject: Re: SHELLOPTS=xtrace security hardening
Date: Wed, 16 Dec 2015 15:33:25 +0100
User-agent: Internet Messaging Program (IMP) H3 (4.2)

Quoting "Chet Ramey" <address@hidden>:


> Which should not be affected by what we're talking about, which is not
> importing PS4 from the environment when uid == 0.


He later said "(Blocking PS4 and not SHELLOPTS=xtrace would work for me in that
regard)".

Still shows how useful xtrace is and how it is necessary.

In this case, yes, blocking PS4 would be best when uid == 0.

It could still be abused when something does setuid() to a uid other than 0 though, but obviously not as bad.
