On Mon, May 8, 2017 at 3:09 PM, Chet Ramey <chet.ra...@case.edu> wrote:
> There's no compelling reason to disallow it.  If a system administrator
> wants to unbind certain readline commands (and unset INPUTRC!) to protect
> against a specific use case, he is free to do that.

I agree. I changed my mind after sending that email. I still think it
would be prudent to mention this in the docs somewhere. Perhaps a
section on "security notes" in the manual/reference? Or a mention in
the FAQ?

Similar to sudo's manual page:

- http://manpages.ubuntu.com/manpages/xenial/man8/sudo.8.html#contenttoc5
- http://manpages.ubuntu.com/manpages/xenial/man8/sudo.8.html#contenttoc12

I couldn't find any decent reference online that mentions a few of the
"traps" that bash has with regard to secure programming (e.g. "don't
evaluate user-supplied input in arithmetical contexts without
sanitizing!", "be careful with SHELLOPTS/xtrace/PS4!", "don't use read
-e unless you trust the user supplying the info or know how to plug
the holes", "don't evaluate user-supplied regular expressions!").

And... I just realized this was discussed before here:
https://lists.gnu.org/archive/html/bug-bash/2015-12/msg00098.html

IMO, just having it documented somewhere is good enough.

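An added example, not part of the original message or of bash's own documentation: one way to apply the first rule quoted above is to accept only strict decimal integers before a value reaches an arithmetic context. The helper names `parse_int` and `add_untrusted` and the sample inputs are assumptions made for illustration.

```sh
#!/bin/sh
# Added example. parse_int and add_untrusted are hypothetical helper names.
# Bash arithmetic treats its operand as an expression, not as a number:
# names, operators and array subscripts inside it are evaluated. In bash this
# covers $(( )), (( )), let, declare -i, array indices and [[ x -eq y ]].

# parse_int VALUE: print VALUE as a canonical base-10 integer and return 0
# only if it is an optional "-" followed by 1 to 18 decimal digits.
parse_int() (
    LC_ALL=C                        # make [0-9] mean ASCII digits only
    v=$1
    sign=
    case $v in
        -*) sign=-; v=${v#-} ;;
    esac
    case $v in
        ''|*[!0-9]*) exit 1 ;;      # empty, or any non-digit character
    esac
    # Drop leading zeros: "010" must be ten (not octal eight) and "08"
    # must not become an "invalid octal" error later.
    while [ "${#v}" -gt 1 ] && [ "${v#0}" != "$v" ]; do
        v=${v#0}
    done
    [ "${#v}" -le 18 ] || exit 1    # stay well inside the signed 64-bit range
    [ "$v" = 0 ] && sign=           # normalise "-0" to "0"
    printf '%s\n' "$sign$v"
)

# add_untrusted A B: sum two untrusted strings; fail before any arithmetic
# is attempted if either one is not a plain integer.
add_untrusted() (
    a=$(parse_int "$1") || exit 1
    b=$(parse_int "$2") || exit 1
    printf '%s\n' "$((a + b))"
)

# Constructed sample inputs, for a stand-alone run.
for s in 42 010 -7 '1+1' 'a[0]' HOME ''; do
    if n=$(parse_int "$s"); then
        printf 'accept %s -> %s\n' "'$s'" "$n"
    else
        printf 'reject %s\n' "'$s'"
    fi
done
```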