Clarification

From: Niall Smart (njs3at_private)
Date: Tue Jun 02 1998 - 03:36:42 PDT

Next message: Matthieu Araman: "Re: SECURITY: Red Hat Linux 5.1 linuxconf bug"

Previous message: Erik Troan: "Re: SECURITY: Red Hat Linux 5.1 linuxconf bug (fwd)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In my response to the patch posted for bash I stated that the same
functionality could be more easily achieved by removing the --noprofile
option and putting the equivalent commands in /etc/profile.  This claim
is completely bogus, as bash will only read /etc/profile when invoked
with *argv[0] == '-' or with the --login option.  Many thanks to the
innumerable people who reminded me of this.

This does not change the main point I was trying to make, namely that
getting around this "intrusion detection" technique is trivial.

Niall

Next message: Matthieu Araman: "Re: SECURITY: Red Hat Linux 5.1 linuxconf bug"
Previous message: Erik Troan: "Re: SECURITY: Red Hat Linux 5.1 linuxconf bug (fwd)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:56:25 PDT