Sebastien Marie wrote:
>
> I would recommend to run neofetch (or other fortune(6)-like programs) under
> interactive shell only.
>
While this is good advice, security(8) cannot guarantee that .profile will not generate output to stdout or stderr, and the code makes this assumption, so the output should be suppressed regardless. This is followed when evaluating .login and .cshrc in check_csh() but omitted in the checks for .profile for Korn shell. I believe it is an oversight. IIRC .profile should only be executed on login shells, but login shells are not necessarily interactive.
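
The effect described above, as an added example that is not part of the original message and is not security(8)'s own code: a POSIX sh sketch showing how output from a sourced .profile ends up in the value the caller captures, and how redirecting only the sourcing step avoids it. The profile contents, the function names and the `PATH=` marker are constructed for illustration.

```shell
#!/bin/sh
# Constructed demo: a .profile that prints to stdout/stderr while being sourced.

# Write a sample .profile into a fresh temp dir and print its path.
make_profile() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/.profile" <<'EOF'
PATH=/bin:/usr/bin
echo "*** banner from a fortune(6)-like program ***"
echo "warning written to stderr" >&2
EOF
    printf '%s\n' "$dir/.profile"
}

# No suppression: everything the file prints is mixed into the captured text.
capture_noisy() {
    sh -c '. "$1"; echo "PATH=$PATH"' sh "$1" 2>&1
}

# Suppress stdout and stderr for the sourcing step only; the variable
# assignments made by the file still take effect in the checking shell.
capture_quiet() {
    sh -c '. "$1" >/dev/null 2>&1; echo "PATH=$PATH"' sh "$1" 2>&1
}

# Hypothetical consumer: accepts only a single line of the form PATH=...
is_clean() {
    case $1 in
        *"
"*) return 1 ;;      # more than one line: polluted by profile output
        PATH=*) return 0 ;;
        *) return 1 ;;
    esac
}

# Run both variants against the constructed profile.
p=$(make_profile)
for mode in noisy quiet; do
    out=$("capture_$mode" "$p")
    if is_clean "$out"; then verdict=clean; else verdict=polluted; fi
    printf '%s: %s\n%s\n\n' "$mode" "$verdict" "$out"
done
rm -rf "${p%/.profile}"
```
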