Re: Are there any protection againts heisting the "shell builtin"s?
> On Sep 8, 2021, at 02:24, jim hook wrote: > ... > ex.: "unset cd" would help, but any solution in general? I alias ‘ls’ to my preferred args. Sometimes I don’t want those. In ksh, I just use \ls to not use the alias. I confirmed \cd will use the builtin (at least on ksh) with: $cd() { > echo hello > } $ cd /tmp hello $ \cd /tmp $ pwd /tmp
Re: Are there any protection againts heisting the "shell builtin"s?
> Date: Wed, 8 Sep 2021 11:24:18 +0200 > From: jim hook > Thinking of that home dirs could be on a shared storage, that can be > accessed by others and maliciously modify the ".profile", etc. files > of the targeted user. > > ex.: "unset cd" would help, but any solution in general? directory permissions. in code: for u in /home/* do chown "$u" "/home/$u" chmod go-w "/home/$u" which you should find is already the default.
Re: Are there any protection againts heisting the "shell builtin"s?
> Date: Wed, 8 Sep 2021 11:24:18 +0200 > From: jim hook > Thinking of that home dirs could be on a shared storage, that can be > accessed by others and maliciously modify the ".profile", etc. files > of the targeted user. > > ex.: "unset cd" would help, but any solution in general? > Date: Wed, 8 Sep 2021 19:41:46 +0959 > From: Reuben ua Bríġ > directory permissions. in code: > > for u in /home/* > do chown "$u" "/home/$u" > chmod go-w "/home/$u" > > which you should find is already the default. oops, wrong code. i meant cd /home for u in * do set -- "$u" "$u/.profile" chown "$u" "$@" chmod go-w "$@" done assuming you have the usual directory set-up. a more general solution would involve parsing /etc/passwd
Re: Are there any protection againts heisting the "shell builtin"s?
> Date: Wed, 8 Sep 2021 11:24:18 +0200 > From: jim hook > Thinking of that home dirs could be on a shared storage, that can be > accessed by others and maliciously modify the ".profile", etc. files > of the targeted user. > > ex.: "unset cd" would help, but any solution in general? > Date: Wed, 8 Sep 2021 19:41:46 +0959 > From: Reuben ua Bríġ > directory permissions. in code: > > for u in /home/* > do chown "$u" "/home/$u" > chmod go-w "/home/$u" > > which you should find is already the default. > Date: Wed, 8 Sep 2021 19:50:26 +1000 > From: Reuben ua Bríġ > oops, wrong code. i meant > > cd /home > for u in * > do set -- "$u" "$u/.profile" > chown "$u" "$@" > chmod go-w "$@" > done > > assuming you have the usual directory set-up. > a more general solution would involve parsing /etc/passwd except that in general you should never do anything as root to files under a directory owned by a user other than root, as that user could replace the file with a symbolic link to some other file, and trick you into modifying some important system file. secure ways of doing basic stuff in obsd are... convoluted.
Re: Are there any protection againts heisting the "shell builtin"s?
On Wed, Sep 08, 2021 at 11:24:18AM +0200, jim hook wrote: > test$ cd > rmplayer > test$ > test$ type cd > cd is a function > test$ > test$ tail -4 .profile > cd() > { > echo rmplayer > } > test$ > test$ uname -mrs > OpenBSD 6.9 amd64 > test$ > > Thinking of that home dirs could be on a shared storage, that can be accessed > by others and maliciously modify the ".profile", etc. files of the targeted > user. > > ex.: "unset cd" would help, but any solution in general? If your $HOME is on a shared drive that can be written by others, then blocking people from redefining shell builtins would be like throwing deck chairs off the Titanic, i.e., you have no security whatsoever. The only general solution is to have your home directory under better control.
Re: Are there any protection againts heisting the "shell builtin"s?
Hi Jim, jim hook wrote on Wed, Sep 08, 2021 at 11:24:18AM +0200: > test$ cd > rmplayer > test$ > test$ type cd > cd is a function > test$ > test$ tail -4 .profile > cd() > { > echo rmplayer > } > test$ > test$ uname -mrs > OpenBSD 6.9 amd64 > test$ Those are useful features. I doubt you will find any Unix user who never used aliases or shell functions to modify the behaviour of system commands to better suit their personal taste. Even myself, though i dislike changing default configuration in general, currently have an alias in place that modifies the default behaviour of rm(1). From what i have heard, most OpenBSD developers use aliases or shell functions for several commands, not just for one. > Thinking of that home dirs could be on a shared storage, that can > be accessed by others and maliciously modify the ".profile", > etc. files of the targeted user. That is not an issue by any stretch of the imagination. If anyone else has write access to your home directory, you have already lost the game, and the number of ways how they own you is is next to unlimited. Yours, Ingo
Are there any protection againts heisting the "shell builtin"s?
test$ cd rmplayer test$ test$ type cd cd is a function test$ test$ tail -4 .profile cd() { echo rmplayer } test$ test$ uname -mrs OpenBSD 6.9 amd64 test$ Thinking of that home dirs could be on a shared storage, that can be accessed by others and maliciously modify the ".profile", etc. files of the targeted user. ex.: "unset cd" would help, but any solution in general? Thanks.