From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-1.0 required=5.0 tests=DKIM_ADSP_CUSTOM_MED, FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from primenet.com.au (ns1.primenet.com.au [203.24.36.2]) by inbox.vuxu.org (OpenSMTPD) with ESMTP id 1dd7f820 for ; Sun, 15 Dec 2019 21:07:39 +0000 (UTC) Received: (qmail 11504 invoked by alias); 15 Dec 2019 14:43:59 -0000 Mailing-List: contact zsh-users-help@zsh.org; run by ezmlm Precedence: bulk X-No-Archive: yes List-Id: Zsh Users List List-Post: List-Help: List-Unsubscribe: X-Seq: 24543 Received: (qmail 3638 invoked by uid 1010); 15 Dec 2019 14:43:59 -0000 X-Qmail-Scanner-Diagnostics: from mail-il1-f177.google.com by f.primenet.com.au (envelope-from , uid 7791) with qmail-scanner-2.11 (clamdscan: 0.102.1/25656. spamassassin: 3.4.2. Clear:RC:0(209.85.166.177):SA:0(-2.0/5.0):. Processed in 1.152591 secs); 15 Dec 2019 14:43:59 -0000 X-Envelope-From: roman.perepelitsa@gmail.com X-Qmail-Scanner-Mime-Attachments: | X-Qmail-Scanner-Zip-Files: | Received-SPF: pass (ns1.primenet.com.au: SPF record at _netblocks.google.com designates 209.85.166.177 as permitted sender) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=9pSDar9MxUHarlML3eb8IvVNhtH3TsDIpeXaezbx3L0=; b=h7K8gLY7pIJia/A6uqzuOJC6QaKDOYoFB82V3g58WTq1x0SnWfn7XKvjQUenJBZ9EE rBpWz/9SsLOTpKMm+ZD+GYvl07LSumy1VNjzqpdHBgMoCvcK2Sg4TYl0uplOb1603bSS dXB6XySYxQlCcaXwHGW5swzVXgZDQ83Aesskplz+03inzlAjAXHyF5IP+Qkepv7LE3zy DX8ihsGd6ialu0PKCW8ScsNzvnkgyUQ4Lt2Tbftrpqm1/bXBzEzT6RkZj8WM8ILeXZ2g +JuzgUGZSjydA4aHIlfwjxDPYYWo/dtNuqhwc1X1/vOB3pbrVtiHx06lN0loP4Rk3jNM 5xPg== X-Gm-Message-State: APjAAAWjhi27MU510Et/53XhhyJb6LnO7fwtmc52kLxqsQQ/51C9WFOV pI0StPvmTRXuatNCTa0UL18URsHWLpuLqAgObdc= X-Google-Smtp-Source: APXvYqyqtUz45RvAogymtvd2vdexAce1Oj+21zVbNUL5gShoKXc09AJqn7afl4DpmTqCs0Rag/JyCVNJGrpplUFP/Vg= X-Received: by 2002:a92:d642:: with SMTP id x2mr8604281ilp.169.1576421005259; Sun, 15 Dec 2019 06:43:25 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Roman Perepelitsa Date: Sun, 15 Dec 2019 15:43:14 +0100 Message-ID: Subject: Re: Thoughts on protecting against PATH interception via user owned profiles To: Andrew Parker Cc: Zsh Users Content-Type: text/plain; charset="UTF-8" On Sun, Dec 15, 2019 at 3:31 PM Andrew Parker wrote: > > Oh man. Back at keyboard now. I see this is nothing zsh specific. The solution was right in front of me all the time. Just exit 1 from /etc/profile will work in bash. Note that /etc/profile is sourced by bash only when starting a login shell. It's not sourced when connecting over SSH, when running non-interactively or when starting an interactive shell without `--login`. Many (most? all?) graphical terminals start non-interactive shell when opening a new tab. All zsh processes start by sourcing /etc/zshenv (the actual location is hard-coded in the binary and can be overridden when building zsh) but there is no equivalent file for bash. I don't know if this makes any difference to your defense strategy but thought it might be worth mentioning. Roman.