Quoting "Chet Ramey" <chet.ra...@case.edu>:
Which should not be affected by what we're talking about, which is not
importing PS4 from the environment when uid == 0.
He later said "(Blocking PS4 and not SHELLOPTS=xtrace would work for
me in that
regard)".
Still shows how useful xtrace is and how it is necessary.
In this case, yes, blocking PS4 would be best when uid == 0.
It could still be abused when something does setuid() to a uid other
than 0 though, but obviously not as bad.
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
