On Sat, 31 Jan 2009, bryanm@acsalaska.net wrote:
> bryan@atlantis:~$ cat /etc/slackware-version
> Slackware 11.0.0
> bryan@atlantis:~$ grep trap /etc/profile
> bryan@atlantis:~$
>
> So you're saying that without a trap, a malicious user could interrupt
> the boot process and leave the system in an unintended and potentially
> vulnerable state?
This wasn't in regards to the boot process, just for all those ways that a
shell may be spawned (or highjacked). But let's face it, guys: if your
/etc/profile is simple and devoid of any security settings being applied it
really makes no difference for you. If, however, you are dealing with
untrusted users and you use that to apply some settings, you *should* be
using trap.
Given that some of the commercial Unices have been taking this precaution
for years I was simply curious as to if the Linux distros were paying the
same level of attention to detail.
One of the (many) reasons why I ended up maintaining my own distribution is
that the general secured state of the average distro out of the box was
quite pitiful. The question is, given the widespread use of Linux these
days, have things improved at all? I'm curious.
Thanks for the info.
--Arthur Corliss
Live Free or Die
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Sun Feb 1 22:30:59 2009
This archive was generated by hypermail 2.1.8 : Sun Feb 01 2009 - 22:30:59 AKST