Mike, that exploit is neither easier nor harder if a default
.bash_profile exists.  Or, am I missing something?

- John

Mike Doty wrote:
> John R. Graham wrote:
>> like sys-apps/miscfiles.  But where it should or shouldn't come from
>> doesn't answer the fundamental question, "Shouldn't it be there, from
>> *some* source?"
> Easy answer: no.  Do you really want any script to automatically run
> when you log in as root?  Think of exploits and the ability to do
> "/bin/echo rm -rf / >> /root/.bash_profile"
>
> It would be nice if one could tell bash to not run any ~/.bash* when
> {e,}uid==0.
>
-- 
[EMAIL PROTECTED] mailing list