Eduardo Bustamante wrote:
On Tue, Oct 3, 2017 at 5:01 PM, L A Walsh wrote:
[...]
Ah, because you can't protect against everything, you leave your system
open with no passwords on the logins? What's your system name again? :-)
Linda. This topic has no relation
On Tue, Oct 3, 2017 at 5:01 PM, L A Walsh wrote:
[...]
Ah, because you can't protect against everything, you leave your system
> open with no passwords on the logins? What's your system name again? :-)
Linda. This topic has no relation at all with the reported issue, and
Mikulas Patocka wrote:
The problem is not intentional sabotage of /etc/profile (there are many
other ways how to sabotage /etc/profile without $OLDPWD - and protecting
against all of them is futile).
---
Ah, because you can't protect against everything, you leave your system
open with
On Tue, Oct 03, 2017 at 10:36:17PM +0200, Mikulas Patocka wrote:
> The problem is that $OLDPWD causes unintended activations of the
> automounter and unintended delays. For example
> /root# cd /some/automounted/directory
> /some/automounted/directory# cd ~
> /root# /etc/init.d/mail-daemon start
>
On Mon, 2 Oct 2017, Chet Ramey wrote:
> On 10/1/17 7:30 PM, L A Walsh wrote:
>
> > Only in the case of login -- they user CAN'T set it before they login, but
> > someone **could** have changed the system /etc/profile script to set OLDPWD
> > to /hang (i.e. someone is behaving "maliciously").
On Mon, Oct 02, 2017 at 05:07:01PM -0700, L A Walsh wrote:
> That's fine w/me -- I was just concerned about a local DoS, if someone
> could "pollute" the login stuff.
You'd have to be root, yes?
> Hmm... there is a bash.bashrc in /etc
Only if your OS vendor has built bash with that add-on.
Chet Ramey wrote:
On 10/1/17 7:30 PM, L A Walsh wrote:
Only in the case of login -- they user CAN'T set it before they login, but
someone **could** have changed the system /etc/profile script to set OLDPWD
to /hang (i.e. someone is behaving "maliciously").
Login shells rarely get
On 10/1/17 7:30 PM, L A Walsh wrote:
> Only in the case of login -- they user CAN'T set it before they login, but
> someone **could** have changed the system /etc/profile script to set OLDPWD
> to /hang (i.e. someone is behaving "maliciously").
Login shells rarely get OLDPWD from the
Mikulas Patocka wrote:
The problem occurs even in non-login shells -
the chrome browser is
started from a bash script, on some distributions firefox is also started
from a bash script, mail daemon may start a script specified in user's
".forward" file. And these scripts also poke $OLDPWD