Disabling lesspipe in dom0

Affichage de 14 messages sur 4
Disabling lesspipe in dom0 Vít Šesták 26/05/15 00:58
Hello,
I've realized that dom0 has lesspipe enabled by default. This adds some opportunity for attacks, e.g. through VM logs. See http://www.computerworld.com/article/2851504/less-is-more-to-malware-authors-targeting-linux-users.html for more details.

Unfortunately, you can't fully remove lesspipe in a Fedora way without removing less itself. (And if you just remove lesspipe.sh or one of related profile scripts, you will get it again with a less update.) You can, however, unset LESSOPEN and LESSCLOSE environment variables in .bashrc. One should do it for both ordinary user and root.

Regards,
Vít Šesták 'v6ak'
Re: [qubes-users] Disabling lesspipe in dom0 Marek Marczykowski-Górecki 26/05/15 13:25
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Good point.
Actually we can disable it globally by creating something like
/etc/profile.d/zz-disable-lesspipe.sh:
unset LESSOPEN LESSCLOSE

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJVZNbGAAoJENuP0xzK19csjfMH/RL7kNue8jfGP9xm0BokorH9
ZRUA3Dl1gmbmxX5tllXN2KKxzIaphbaHF01JAwftFlRTBENznSUICsfnDClU58H9
yTOz7Z3iucMRwMrVcmw5NVShrGre5kq6U4uGP2EZsYQLiOPOO8k58j4DzqAiVMlN
YQ+/7WVZXlODwp9KdsTgC61SnyUqtPqNH6TxIo0iZCwGIcZoOD/YW5xhjAJygw5r
YHPltB7n3F/bGeMP8SHAPxWs1NB2FtnrhPkKoOJsLhTYSoUUPV1P8ujQPm5eT7Wu
ZwSyK8CbUuLSWbqdvUzfniWfNFpoj5SNHvrxDbQjp7VMNKoSbSv1Kfk3VZ8jGdM=
=S5Kn
-----END PGP SIGNATURE-----
Re: [qubes-users] Disabling lesspipe in dom0 Vít Šesták 27/05/15 14:33

Actually we can disable it globally by creating something like
/etc/profile.d/zz-disable-lesspipe.sh:
unset LESSOPEN LESSCLOSE

If alphabetical ordering is guaranteed, it seems to be the best way for Qubes.

Should I open an issue?

Regards,
Vít Šesták 'v6ak'
Re: [qubes-users] Disabling lesspipe in dom0 Marek Marczykowski-Górecki 27/05/15 14:58
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, May 27, 2015 at 02:33:38PM -0700, Vít Šesták wrote:
>
>
> > Actually we can disable it globally by creating something like
> > /etc/profile.d/zz-disable-lesspipe.sh:
> > unset LESSOPEN LESSCLOSE
> >
>
> If alphabetical ordering is guaranteed, it seems to be the best way for
> Qubes.

Yes, it is guaranteed.

> Should I open an issue?

Yes, please.

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJVZj30AAoJENuP0xzK19cs480H/1B7ENtk4Ua4lmGOWJ7tDksh
kabCZTVvNETTj/nEAoywkL1+GpMnN5rNt8vvUXuhIqqKm1g7Q8CV+3yKjcmG+kqz
itHkKxo/XR1ZhsBB2dPjXfS/HgJI6omrhE1xAexAvqIFj8qu5qH9P4hO58sJYd6T
JeYCuXvMCZvRore0pFmnKU1nOsnwwVoEk+6DfPJmlUYeYTKtKNFJN5DOwIZ6orV9
3Hi/t51lROx1/2AJ5/0/wAgUvA09rNfdOR0iVNC+bxRDHmDIXbT5mbd7iSU0pXCu
QwGMPXI+cDGpJTGMLJEzc/P/mJ89IQRswOb1EDM9C5uK9H/ae7bEvZApatd8lbI=
=lz72
-----END PGP SIGNATURE-----