
Re: .exrc file security risks

From: Darren J Moffat <Darren.Moffat(at)Sun.COM>
Date: Thu May 01 2003 - 13:46:59 EDT

On Tue, 29 Apr 2003, Benjamin A. Okopnik wrote:

> tar xvzf evil.tgz

There is no such option in /usr/bin/vi on Solaris, and no support for such a file.

The way to "lock this down" for the root user is to create a ~root/.exrc file with the line "set noexrc" in it. Also remember to do /bin/su - rather than just /bin/su (so that $EXINIT isn't passed along).

-- 
Darren J Moffat
Received on Thu May 1 18:07:10 2003
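
One way to check the two settings described in the message above, as an added example that is not part of the original post. The function names are hypothetical, and the script relies on the POSIX ex rule that a set EXINIT is read instead of $HOME/.exrc, which is why an inherited $EXINIT can undo the "set noexrc" line.

```shell
#!/bin/sh
# exrc_state: read ex startup commands on stdin (one per line) and print
# the final value of the exrc option: "noexrc", "exrc" or "unset".
exrc_state() {
    state=unset
    while IFS= read -r line || [ -n "$line" ]; do
        set -f              # no globbing while splitting the line into words
        set -- $line
        set +f
        case ${1:-} in
            set|se|:set|:se) shift ;;   # only "set" commands matter here
            *) continue ;;              # comments (") and other commands
        esac
        for opt in "$@"; do
            case $opt in
                noexrc|noex) state=noexrc ;;
                exrc|ex)     state=exrc ;;
            esac
        done
    done
    printf '%s\n' "$state"
}

# audit_vi_startup HOME_DIR EXINIT_VALUE
# Picks the startup source the editor would use and reports the exrc state.
# Returns 0 only when that source explicitly ends with noexrc; "unset"
# fails because it depends on the editor's default.
audit_vi_startup() {
    home=$1 exinit=$2
    if [ -n "$exinit" ]; then
        src='$EXINIT'       # EXINIT replaces ~/.exrc; commands are |-separated
        result=$(printf '%s\n' "$exinit" | tr '|' '\n' | exrc_state)
    elif [ -f "$home/.exrc" ]; then
        src="$home/.exrc"
        result=$(tr '|' '\n' < "$home/.exrc" | exrc_state)
    else
        src='(no startup file)'
        result=unset
    fi
    echo "source=$src exrc=$result"
    [ "$result" = noexrc ]
}

# Audit the current session, e.g. after "su" versus "su -".
audit_vi_startup "${HOME:-/}" "${EXINIT:-}" || echo "exrc is not locked down"
```
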

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:37 EDT

