1 |
Mike, that exploit is neither easier nor harder if a default |
2 |
.bash_profile exists. Or, am I missing something? |
3 |
|
4 |
- John |
5 |
|
6 |
Mike Doty wrote: |
7 |
> John R. Graham wrote: |
8 |
>> like sys-apps/miscfiles. But where it should or shouldn't come from |
9 |
>> doesn't answer the fundamental question, "Shouldn't it be there, from |
10 |
>> *some* source?" |
11 |
> Easy answer: no. Do you really want any script to automatically run |
12 |
> when you login as root? think of exploits and the ability to do |
13 |
> "/bin/echo rm -rf / >> /root/.bash_profile" |
14 |
> |
15 |
> It would be nice if one could tell bash to not run any ~/.bash* when |
16 |
> {e,}uid==0. |
17 |
> |
18 |
-- |
19 |
gentoo-dev@g.o mailing list |