2015-12-15 09:01:05 -0500, Chet Ramey:
> On 12/14/15 6:30 PM, up201407...@alunos.dcc.fc.up.pt wrote:
> > Quoting "Stephane Chazelas" <stephane.chaze...@gmail.com>:
> >
> > I understand what you're saying.
> > As much as we would like, there's no way of stopping all attack vectors by
> > only hardening bash, not only that, but also taking away its useful
> > features.
> > Though I still believe PS4 shouldn't be imported from the environment.
> > Maybe if running with uid 0.
[...]

FWIW, my use case for SHELLOPTS=xtrace is often for uid 0:

SHELLOPTS=xtrace dpkg -i file.deb
(debug installation scripts)
SHELLOPTS=xtrace grub-install /dev/vda
...

(Blocking PS4 and not SHELLOPTS=xtrace would work for me in that
regard).

-- 
Stephane