Do not use redirection characters in your shell prompt

(tanelpoder.com)

217 points tanelpoder | 1 comments | 17 Mar 21 14:38 UTC | HN request time: 0.205s | source

Show context

jandrese ◴[17 Mar 21 15:32 UTC] No.26492618[source]▶

This seems to be more of "don't paste garbage into a terminal, especially as root." With a sidenote that it might be safer if your custom application command interpreter didn't use > as the prompt character. I note that Bourne shell defaults to the safer % and # characters for the prompt. The # character for root is especially safe.

replies(6): >>26492739 #>>26492951 #>>26494723 #>>26499063 #>>26499191 #>>26501459 #

gnramires ◴[17 Mar 21 17:58 UTC] No.26494723[source]▶

>>26492618 #

What about eliminating root usage? Could sudo be used here? Or perhaps every root command should need a confirmation prompt before execution.

replies(2): >>26494893 #>>26498793 #

1. devmor ◴[17 Mar 21 18:14 UTC] No.26494893[source]▶

>>26494723 #

Yeah this feels like more of a cautionary tale about proper privilege and directory management.

Was there really a reason for OP to be inside the binary directory for the application in order to use it?

Why was the binary writeable in the first place?

If the binary was not normally writeable but the user was privileged, was it necessary to use a privileged user for this operation?

You could probably create a pretty extensive list of failures that led to this issue. I think the author honed in on the one that made the most sense to himself and missed the forest for the tree.

↑