[aklug] profiles in paranoia (was: terminal types and curses programming)

From: <bryanm@acsalaska.net>
Date: Sat Jan 31 2009 - 03:36:27 AKST

On Wed, January 28, 2009 8:24 am, Arthur Corliss wrote:
> On Mon, 26 Jan 2009, Christopher Howard wrote:
>
>> I'm going to sound like a real noob here, but can you explain a bit more
>> about the 'trap' and 'exit' part? Is this something I'm supposed to add to
>> some init script or something? (I'll read the man pages if you'll point me to
>> the right ones.)
>
> It's worth mentioning for the more paranoid out there: if you want to
> control your user's environment (*especially* if you're using the rc file to
> selectively enable a restricted shell) you should wrap all of /etc/profile's
> code between two trap calls (one to disable the default signal handlers, and
> one to re-enable them once you're finished with your initialization).
>
> Sounds like a good poll for everyone here: can everyone check your distro's
> /etc/profile and report if they use trap as the first & last commands? It'd
> be good to see what the relative paranoia of the various distros is.
> Report back to the list!

bryan@atlantis:~$ cat /etc/slackware-version
Slackware 11.0.0
bryan@atlantis:~$ grep trap /etc/profile
bryan@atlantis:~$

So you're saying that without a trap, a malicious user could interrupt
the boot process and leave the system in an unintended and potentially
vulnerable state?

--
Bryan Medsker
bryanm@acsalaska.net
Received on Sat Jan 31 03:36:36 2009
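
The check the poll above asks for, written out as an added example that is not part of the original thread: it reports whether a profile script's first and last commands are trap calls that ignore and then restore signals. The function names, the sample files and the signal list (INT QUIT TSTP) are assumptions made for illustration; the thread names no specific signals.

```shell
# Added example: audit a profile script for the trap-first/trap-last pattern.
# Signal list (INT QUIT TSTP) is an assumption; the thread names none.

# Print the first and last command lines, skipping blanks and comments.
first_last_cmds() {
    awk '/^[ \t]*(#|$)/ { next }
         { sub(/^[ \t]+/, ""); if (!n++) first = $0; last = $0 }
         END { print first; print last }' "$1"
}

# Return 0 if the file opens by ignoring signals and closes by restoring
# their default handlers, 1 if not, 2 if the file is unreadable.
profile_trap_audit() {
    [ -r "$1" ] || { echo "UNREADABLE: $1"; return 2; }
    cmds=$(first_last_cmds "$1")
    first=$(printf '%s\n' "$cmds" | sed -n 1p)
    last=$(printf '%s\n' "$cmds" | sed -n 2p)
    case $first in
        "trap '' "* | 'trap "" '*) ;;      # empty action = ignore the signal
        *) echo "UNGUARDED: $1 (first command: ${first:-none})"; return 1 ;;
    esac
    case $last in
        "trap - "*) ;;                      # "-" = restore the default action
        *) echo "UNGUARDED: $1 (last command: ${last:-none})"; return 1 ;;
    esac
    echo "GUARDED: $1"
}

# Constructed sample profiles (not any distro's real /etc/profile).
make_samples() {
    cat > "$1/profile.guarded" <<'EOF'
# constructed sample
trap '' INT QUIT TSTP
PATH=/usr/local/bin:/usr/bin:/bin
export PATH
trap - INT QUIT TSTP
EOF
    cat > "$1/profile.plain" <<'EOF'
# constructed sample
PATH=/usr/local/bin:/usr/bin:/bin
export PATH
EOF
}

tmp=$(mktemp -d) && make_samples "$tmp"
profile_trap_audit "$tmp/profile.guarded" || true
profile_trap_audit "$tmp/profile.plain" || true
rm -rf "$tmp"
```

Running `profile_trap_audit /etc/profile` gives the answer for a real system; a file containing only the opening trap is reported as unguarded because signals are never restored.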
