| 1 |
Mike, that exploit is neither easier nor harder if a default |
| 2 |
.bash_profile exists. Or, am I missing something? |
| 3 |
|
| 4 |
- John |
| 5 |
|
| 6 |
Mike Doty wrote: |
| 7 |
> John R. Graham wrote: |
| 8 |
>> like sys-apps/miscfiles. But where it should or shouldn't come from |
| 9 |
>> doesn't answer the fundamental question, "Shouldn't it be there, from |
| 10 |
>> *some* source?" |
| 11 |
> Easy answer: no. Do you really want any script to automatically run |
| 12 |
> when you login as root? think of exploits and the ability to do |
| 13 |
> "/bin/echo rm -rf / >> /root/.bash_profile" |
| 14 |
> |
| 15 |
> It would be nice if one could tell bash to not run any ~/.bash* when |
| 16 |
> {e,}uid==0. |
| 17 |
> |
| 18 |
-- |
| 19 |
gentoo-dev@g.o mailing list |
Archives