Disabling lesspipe in dom0
159 views
Skip to first unread message
Vít Šesták
May 26, 2015, 3:58:26 AM5/26/15
to qubes...@googlegroups.com
Hello,
I've realized that dom0 has lesspipe enabled by default. This adds some opportunity for attacks, e.g. through VM logs. See http://www.computerworld.com/article/2851504/less-is-more-to-malware-authors-targeting-linux-users.html for more details.
Unfortunately, you can't fully remove lesspipe in a Fedora way without removing less itself. (And if you just remove lesspipe.sh or one of related profile scripts, you will get it again with a less update.) You can, however, unset LESSOPEN and LESSCLOSE environment variables in .bashrc. One should do it for both ordinary user and root.
Regards,
Vít Šesták 'v6ak'
I've realized that dom0 has lesspipe enabled by default. This adds some opportunity for attacks, e.g. through VM logs. See http://www.computerworld.com/article/2851504/less-is-more-to-malware-authors-targeting-linux-users.html for more details.
Unfortunately, you can't fully remove lesspipe in a Fedora way without removing less itself. (And if you just remove lesspipe.sh or one of related profile scripts, you will get it again with a less update.) You can, however, unset LESSOPEN and LESSCLOSE environment variables in .bashrc. One should do it for both ordinary user and root.
Regards,
Vít Šesták 'v6ak'
Marek Marczykowski-Górecki
May 26, 2015, 4:25:50 PM5/26/15
to Vít Šesták, qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Good point.
Actually we can disable it globally by creating something like
/etc/profile.d/zz-disable-lesspipe.sh:
unset LESSOPEN LESSCLOSE
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBAgAGBQJVZNbGAAoJENuP0xzK19csjfMH/RL7kNue8jfGP9xm0BokorH9
ZRUA3Dl1gmbmxX5tllXN2KKxzIaphbaHF01JAwftFlRTBENznSUICsfnDClU58H9
yTOz7Z3iucMRwMrVcmw5NVShrGre5kq6U4uGP2EZsYQLiOPOO8k58j4DzqAiVMlN
YQ+/7WVZXlODwp9KdsTgC61SnyUqtPqNH6TxIo0iZCwGIcZoOD/YW5xhjAJygw5r
YHPltB7n3F/bGeMP8SHAPxWs1NB2FtnrhPkKoOJsLhTYSoUUPV1P8ujQPm5eT7Wu
ZwSyK8CbUuLSWbqdvUzfniWfNFpoj5SNHvrxDbQjp7VMNKoSbSv1Kfk3VZ8jGdM=
=S5Kn
-----END PGP SIGNATURE-----
Hash: SHA1
Actually we can disable it globally by creating something like
/etc/profile.d/zz-disable-lesspipe.sh:
unset LESSOPEN LESSCLOSE
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBAgAGBQJVZNbGAAoJENuP0xzK19csjfMH/RL7kNue8jfGP9xm0BokorH9
ZRUA3Dl1gmbmxX5tllXN2KKxzIaphbaHF01JAwftFlRTBENznSUICsfnDClU58H9
yTOz7Z3iucMRwMrVcmw5NVShrGre5kq6U4uGP2EZsYQLiOPOO8k58j4DzqAiVMlN
YQ+/7WVZXlODwp9KdsTgC61SnyUqtPqNH6TxIo0iZCwGIcZoOD/YW5xhjAJygw5r
YHPltB7n3F/bGeMP8SHAPxWs1NB2FtnrhPkKoOJsLhTYSoUUPV1P8ujQPm5eT7Wu
ZwSyK8CbUuLSWbqdvUzfniWfNFpoj5SNHvrxDbQjp7VMNKoSbSv1Kfk3VZ8jGdM=
=S5Kn
-----END PGP SIGNATURE-----
Vít Šesták
May 27, 2015, 5:33:39 PM5/27/15
to qubes...@googlegroups.com, groups-no-private-mail--con...@v6ak.com
Actually we can disable it globally by creating something like
/etc/profile.d/zz-disable-lesspipe.sh:
unset LESSOPEN LESSCLOSE
If alphabetical ordering is guaranteed, it seems to be the best way for Qubes.
Should I open an issue?
Regards,
Vít Šesták 'v6ak'
Should I open an issue?
Regards,
Vít Šesták 'v6ak'
Marek Marczykowski-Górecki
May 27, 2015, 5:58:21 PM5/27/15
to Vít Šesták, qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hash: SHA1
On Wed, May 27, 2015 at 02:33:38PM -0700, Vít Šesták wrote:
>
>
> > Actually we can disable it globally by creating something like
> > /etc/profile.d/zz-disable-lesspipe.sh:
> > unset LESSOPEN LESSCLOSE
> >
>
> If alphabetical ordering is guaranteed, it seems to be the best way for
> Qubes.
Yes, it is guaranteed.
>
>
> > Actually we can disable it globally by creating something like
> > /etc/profile.d/zz-disable-lesspipe.sh:
> > unset LESSOPEN LESSCLOSE
> >
>
> If alphabetical ordering is guaranteed, it seems to be the best way for
> Qubes.
> Should I open an issue?
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
kabCZTVvNETTj/nEAoywkL1+GpMnN5rNt8vvUXuhIqqKm1g7Q8CV+3yKjcmG+kqz
itHkKxo/XR1ZhsBB2dPjXfS/HgJI6omrhE1xAexAvqIFj8qu5qH9P4hO58sJYd6T
JeYCuXvMCZvRore0pFmnKU1nOsnwwVoEk+6DfPJmlUYeYTKtKNFJN5DOwIZ6orV9
3Hi/t51lROx1/2AJ5/0/wAgUvA09rNfdOR0iVNC+bxRDHmDIXbT5mbd7iSU0pXCu
QwGMPXI+cDGpJTGMLJEzc/P/mJ89IQRswOb1EDM9C5uK9H/ae7bEvZApatd8lbI=
=lz72
-----END PGP SIGNATURE-----
Reply all
Reply to author
Forward
0 new messages