Re: Preventing curl | bash

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On October 17, 2018 10:00:53 AM GMT+03:00, Thomas Mueller <thomas@xxxxxxxxxxxxxx> wrote:
>
>
>On 10/16/2018 11:15 AM, Sheogorath wrote:
>> Hi,
>>
>> it's mostly a question out of curiosity but maybe useful for some
>people.
>>
>> I wonder if there is a way to prevent a direct piping from curl to
>bash
>> using SELinux.
>>
>> And of course one can download a file and then run bash on it, but a
>> simple rule that prevents direct piping would at least give a heads
>up
>> about it.
>
>sounds not like something I would implement. And you don't give much 
>context to your situation.
>
>What do you like to prevent? Stop users with root-shells to execut 
>arbitary shell scripts obtained by curl?


It's a common idiocy we (sysadmins) face in the web world: programmers need "something" and find a tutorial which instructs them to download some bundle which self-installs via the infamous mantra under discussion in this thread. Obviously preceded by a sudo (because why not ?)

Wolfy
_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx




[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux