Re: Bash should reset OLDPWD upon login, *only*.

2017-10-03 Thread L A Walsh
Eduardo Bustamante wrote: On Tue, Oct 3, 2017 at 5:01 PM, L A Walsh wrote: [...] Ah, because you can't protect against everything, you leave your system open with no passwords on the logins? What's your system name again? :-) Linda. This topic has no relation

Re: Bash should reset OLDPWD upon login, *only*.

2017-10-03 Thread Eduardo Bustamante
On Tue, Oct 3, 2017 at 5:01 PM, L A Walsh wrote: [...] Ah, because you can't protect against everything, you leave your system > open with no passwords on the logins? What's your system name again? :-) Linda. This topic has no relation at all with the reported issue, and

Re: Bash should reset OLDPWD upon login, *only*.

2017-10-03 Thread L A Walsh
Mikulas Patocka wrote: The problem is not intentional sabotage of /etc/profile (there are many other ways how to sabotage /etc/profile without $OLDPWD - and protecting against all of them is futile). --- Ah, because you can't protect against everything, you leave your system open with

Re: Bash should reset OLDPWD upon login, *only*.

2017-10-03 Thread Greg Wooledge
On Tue, Oct 03, 2017 at 10:36:17PM +0200, Mikulas Patocka wrote: > The problem is that $OLDPWD causes unintended activations of the > automounter and unintended delays. For example > /root# cd /some/automounted/directory > /some/automounted/directory# cd ~ > /root# /etc/init.d/mail-daemon start >

Re: Bash should reset OLDPWD upon login, *only*.

2017-10-03 Thread Mikulas Patocka
On Mon, 2 Oct 2017, Chet Ramey wrote: > On 10/1/17 7:30 PM, L A Walsh wrote: > > > Only in the case of login -- they user CAN'T set it before they login, but > > someone **could** have changed the system /etc/profile script to set OLDPWD > > to /hang (i.e. someone is behaving "maliciously").

Re: Bash should reset OLDPWD upon login, *only*.

2017-10-03 Thread Greg Wooledge
On Mon, Oct 02, 2017 at 05:07:01PM -0700, L A Walsh wrote: > That's fine w/me -- I was just concerned about a local DoS, if someone > could "pollute" the login stuff. You'd have to be root, yes? > Hmm... there is a bash.bashrc in /etc Only if your OS vendor has built bash with that add-on.

Re: Bash should reset OLDPWD upon login, *only*.

2017-10-02 Thread L A Walsh
Chet Ramey wrote: On 10/1/17 7:30 PM, L A Walsh wrote: Only in the case of login -- they user CAN'T set it before they login, but someone **could** have changed the system /etc/profile script to set OLDPWD to /hang (i.e. someone is behaving "maliciously"). Login shells rarely get

Re: Bash should reset OLDPWD upon login, *only*.

2017-10-02 Thread Chet Ramey
On 10/1/17 7:30 PM, L A Walsh wrote: > Only in the case of login -- they user CAN'T set it before they login, but > someone **could** have changed the system /etc/profile script to set OLDPWD > to /hang (i.e. someone is behaving "maliciously"). Login shells rarely get OLDPWD from the

Bash should reset OLDPWD upon login, *only*.

2017-10-01 Thread L A Walsh
Mikulas Patocka wrote: The problem occurs even in non-login shells - the chrome browser is started from a bash script, on some distributions firefox is also started from a bash script, mail daemon may start a script specified in user's ".forward" file. And these scripts also poke $OLDPWD