←back to thread

Do not use redirection characters in your shell prompt

(tanelpoder.com)
217 points tanelpoder | 1 comments | 17 Mar 21 14:38 UTC | HN request time: 0.285s | source
Show context
jandrese ◴[17 Mar 21 15:32 UTC] No.26492618[source]
This seems to be more of "don't paste garbage into a terminal, especially as root." With a sidenote that it might be safer if your custom application command interpreter didn't use > as the prompt character. I note that Bourne shell defaults to the safer % and # characters for the prompt. The # character for root is especially safe.
replies(6): >>26492739 #>>26492951 #>>26494723 #>>26499063 #>>26499191 #>>26501459 #
gnramires ◴[17 Mar 21 17:58 UTC] No.26494723[source]
What about eliminating root usage? Could sudo be used here? Or perhaps every root command should need a confirmation prompt before execution.
replies(2): >>26494893 #>>26498793 #
1. salawat ◴[18 Mar 21 01:16 UTC] No.26498793[source]
So if someone grabs your hair during a fight, are you going to go bald the rest of your life? Just paste it somewhere besides a terminal. I swear, security people have run away with everyone's good sense.

There's a point of diminishing returns where running with something that can cause a problem is completely practicable and justifiable. We don't need the nteenth "Shell that protects you from malicious paste" functionality. Just use root judiciously. If you can't be comfortable running as root and keeping yourself out of trouble, then you really don't know enough to use the machine safely.

You must be 10% smarter than the piece of equipment. No amount of good natured or well-intentioned "protect you from yourself" coding will obviate you of the need to know what you are doing, the limitations of the machine, and the limitations of the program you're using. In fact, all it does is increase the bar for how many things worth of minutiae you have to account for.