Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

Re: Thoughts on protecting against PATH interception via user owned profiles

X-seq: zsh-users 24571
From: Andrew Parker <andrew.j.c.parker@xxxxxxxxx>
To: Roman Perepelitsa <roman.perepelitsa@xxxxxxxxx>
Subject: Re: Thoughts on protecting against PATH interception via user owned profiles
Date: Tue, 17 Dec 2019 21:35:43 +0800
Cc: Zsh Users <zsh-users@xxxxxxx>
In-reply-to: <CAN=4vMrcbVGp5P0DQ5MB4O7agzzW8iPMnjmFJxvN0WwdqomAtw@mail.gmail.com>
List-help: <mailto:zsh-users-help@zsh.org>
List-id: Zsh Users List <zsh-users.zsh.org>
List-post: <mailto:zsh-users@zsh.org>
List-unsubscribe: <mailto:zsh-users-unsubscribe@zsh.org>
Mailing-list: contact zsh-users-help@xxxxxxx; run by ezmlm
References: <CAG78ipVksGrRjOdV0H=qofrtSNHfeh_OHg2GD9AjjnbF42JoMw@mail.gmail.com> <CAN=4vMr6DCXWHL0Om4nZ6_y1AJA8vDpOKbu3qfCz-5MunSDO4w@mail.gmail.com> <CAG78ipXk4PBboU0c0A+Y7y6sLgb0WgHjFQZqHSboXNDbSc-1qQ@mail.gmail.com> <CAN=4vMrcbVGp5P0DQ5MB4O7agzzW8iPMnjmFJxvN0WwdqomAtw@mail.gmail.com>

Thanks. Info well received! Terminal on macOS starts a login shell for each
tab btw.

On Sun, Dec 15, 2019 at 10:43 PM Roman Perepelitsa <
roman.perepelitsa@xxxxxxxxx> wrote:

> On Sun, Dec 15, 2019 at 3:31 PM Andrew Parker
> <andrew.j.c.parker@xxxxxxxxx> wrote:
> >
> > Oh man. Back at keyboard now. I see this is nothing zsh specific. The
> solution was right in front of me all the time. Just exit 1 from
> /etc/profile will work in bash.
>
> Note that /etc/profile is sourced by bash only when starting a login
> shell. It's not sourced when connecting over SSH, when running
> non-interactively or when starting an interactive shell without
> `--login`. Many (most? all?) graphical terminals start non-interactive
> shell when opening a new tab.
>
> All zsh processes start by sourcing /etc/zshenv (the actual location
> is hard-coded in the binary and can be overridden when building zsh)
> but there is no equivalent file for bash.
>
> I don't know if this makes any difference to your defense strategy but
> thought it might be worth mentioning.
>
> Roman.
>

References:
- Thoughts on protecting against PATH interception via user owned profiles
  - From: Andrew Parker
- Re: Thoughts on protecting against PATH interception via user owned profiles
  - From: Roman Perepelitsa
- Re: Thoughts on protecting against PATH interception via user owned profiles
  - From: Andrew Parker
- Re: Thoughts on protecting against PATH interception via user owned profiles
  - From: Roman Perepelitsa

Messages sorted by: Reverse Date, Date, Thread, Author