Re: .exrc file security risks
From: Darren J Moffat <Darren.Moffat(at)Sun.COM>
Date: Tue Apr 29 2003 - 20:12:24 EDT

On Tue, 29 Apr 2003, Paul Greene wrote:

> I'm verifying the validity of a Solaris hardening guide and came across

Who is the author of this guide? This isn't a very common recommendation.

> However, I can't find anything

The .exrc file is the configuration file for the ex(1) and vi(1) text file editors.

From vi(1):

The editing environment defaults to certain configuration
options. When an editing session is initiated, vi attempts
to read the EXINIT environment variable. If it exists, the
editor uses the values defined in EXINIT; otherwise the
values set in $HOME/.exrc are used. If $HOME/.exrc does not
exist, the default values are used.
To use a copy of .exrc located in the current directory
other than $HOME, set the exrc option in EXINIT or
$HOME/.exrc . Options set in EXINIT can be turned off in a
local .exrc only if exrc is set in EXINIT or $HOME/.exrc.

Based on the above a "safe" configuration would be to set the value of EXINIT to "set noexrc" and create a /.exrc file with "set noexrc" specified.

> What, if any, are the risks associated with these files? (Or possibly

You can map keystrokes in vi to run external commands or combinations of other vi internal commands.

If you are this concerned about your admin environment then maybe you would be interested in running Trusted Solaris. Trusted Solaris ships with a version of vi(1) called adminvi(1) which has disabled a number of "potentially risky" features, one of them being the ability to run external commands. By default the administration roles in Trusted Solaris use adminvi(1) rather than vi(1).

--
Darren J Moffat

Received on Tue Apr 29 21:06:33 2003
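
Added example, not part of the original message or of any Solaris tooling: a POSIX sh check that follows the lookup order in the vi(1) excerpt above to tell whether a .exrc in the current directory would be read, and whether an account has the "set noexrc" configuration suggested in the message. The function names, the assumption that exrc is off unless set, and the temporary directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: audits whether vi would read a .exrc from the current directory.
# Assumption: exrc is off unless set, as the quoted vi(1) text implies.

# exrc_state TEXT: print exrc, noexrc or unset; the last "set" seen wins.
exrc_state() {
    printf '%s\n' "$1" | tr '|' '\n' | awk '
        BEGIN { s = "unset" }
        { sub(/^[ \t:]+/, "") }
        $1 == "set" || $1 == "se" {
            for (i = 2; i <= NF; i++) {
                if ($i == "exrc" || $i == "ex") s = "exrc"
                if ($i == "noexrc" || $i == "noex") s = "noexrc"
            }
        }
        END { print s }'
}

# local_exrc EXINIT HOME: print "honored" or "ignored" for ./.exrc.
# vi(1) order: EXINIT if set, otherwise $HOME/.exrc, otherwise defaults.
local_exrc() {
    if [ -n "$1" ]; then
        state=$(exrc_state "$1")
    elif [ -f "$2/.exrc" ]; then
        state=$(exrc_state "$(cat "$2/.exrc")")
    else
        state=unset
    fi
    [ "$state" = exrc ] && echo honored || echo ignored
}

# is_hardened EXINIT HOME: succeed only if both places say noexrc,
# the configuration suggested in the message above.
is_hardened() {
    [ "$(exrc_state "$1")" = noexrc ] && [ -f "$2/.exrc" ] &&
        [ "$(exrc_state "$(cat "$2/.exrc")")" = noexrc ]
}

# Constructed demo: a throwaway home directory, not a real account.
demo=$(mktemp -d)
printf 'set autoindent\nset exrc\n' > "$demo/.exrc"
echo "EXINIT unset, .exrc sets exrc: $(local_exrc '' "$demo")"
echo "EXINIT='set noexrc':           $(local_exrc 'set noexrc' "$demo")"
printf 'set noexrc\n' > "$demo/.exrc"
is_hardened 'set noexrc' "$demo" && echo "hardened: yes"
rm -rf "$demo"
```

To audit a real account, call local_exrc "$EXINIT" "$HOME" from that account's login environment.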