←back to thread

Do not use redirection characters in your shell prompt

(tanelpoder.com)
217 points tanelpoder | 2 comments | 17 Mar 21 14:38 UTC | HN request time: 0.419s | source
1. KETpXDDzR ◴[17 Mar 21 16:52 UTC] No.26493744[source]
What I see here:

- Don't give everyone root permissions

- Make important files writable by root only. If regular users should not modify it, don't allow it

- And... yes, don't allow any special characters in your prompt for "paste random stuff in my shell and run it" ppl. To be honest, I'd even lock those ppl out of the system. You could insert an invisible, uncommon char in the default prompt, detect it, and log the user out (after sending you an email ;-))

replies(1): >>26503228 #
2. LinuxBender ◴[18 Mar 21 14:44 UTC] No.26503228[source]
It happens with automation running as root too even with sudo. Some automation will always have to run as root. Bad characters, unset variables, lack of tests in the script, lack of testing of the automation, lack of chaos testing. The most common clobbering of data I have seen was not so much even copy/pasting, but rather a lack of

  set -u
  set -e
  set -o pipefail
  set -o posix
in scripts used by automation. There is shorthand for this that I am intentionally leaving out. Every shell script used in automation should at least have set -u to avoid running if variables are unset. An entertaining example was:

  rm -Rf ${MYSQL_HOME}/bin
There are a couple problems with that line, but in this case they did not source their environment file correctly and wiped /bin on many servers.