Re: .exrc file security risks
From: Darren J Moffat (Darren.Moffat_at_Sun.COM)
Date: Tue, 29 Apr 2003 17:12:24 -0700 (PDT)
To: Paul Greene <firstname.lastname@example.org>
On Tue, 29 Apr 2003, Paul Greene wrote:
> I'm verifying the validity of a Solaris hardening guide and came across
> a recommendation to remove ".exrc" files.
Who is the author of this guide? This isn't a very common recommendation.
> However, I can't find anything
> mentioning ".exrc" files in any of the standard security guidelines I
> normally refer to (CISecurity and NSA).
The .exrc file is the configuration file for the ex(1) and vi(1) text file
The editing environment defaults to certain configuration
options. When an editing session is initiated, vi attempts
to read the EXINIT environment variable. If it exists, the
editor uses the values defined in EXINIT; otherwise the
values set in $HOME/.exrc are used. If $HOME/.exrc does not
exist, the default values are used.
To use a copy of .exrc located in the current directory
other than $HOME, set the exrc option in EXINIT or
$HOME/.exrc . Options set in EXINIT can be turned off in a
local .exrc only if exrc is set in EXINIT or $HOME/.exrc.
Based on the above, a "safe" configuration would be to set the value of
EXINIT to "set noexrc" and create a /.exrc file with "set noexrc" specified.
> What, if any, are the risks associated with these files? (Or possibly
> the spelling ".exrc" is a typo and should be something else?)
You can map keystrokes in vi to run external commands or combinations of
other vi internal commands.
If you are this concerned about your admin environment then maybe you
would be interested in running Trusted Solaris. Trusted Solaris ships
with a version of vi(1) called adminvi(1) which has disabled a number
of "potentially risky" features, one of them being the ability to run
external commands. By default the administration roles in Trusted Solaris
use adminvi(1) rather than vi(1).
-- Darren J Moffat
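
The lookup order quoted from vi(1) in the message above can be turned into a small audit, shown here as an added example that is not part of the original message. The function names and the demo files are constructed, it matches only the literal option names exrc and noexrc used on this page, and it assumes the editor default leaves exrc off.

```shell
#!/bin/sh
# Added example, not from the original message. Sample files are constructed.

# Print "enabled" or "disabled" for per-directory .exrc loading, following
# the lookup order quoted above: EXINIT if set, else $HOME/.exrc, else
# defaults (assumed here to leave exrc off).
# $1 = EXINIT value (may be empty), $2 = path to the home .exrc
local_exrc_state() (
    set -f                                  # no globbing while tokenizing
    if [ -n "$1" ]; then src=$1
    elif [ -f "$2" ]; then src=$(grep -v '^[[:space:]]*"' "$2" || true)
    else src=
    fi
    state=disabled
    # Later settings override earlier ones, so scan tokens in order.
    for tok in $(printf '%s\n' "$src" | tr '|' ' '); do
        case $tok in
            exrc)   state=enabled ;;
            noexrc) state=disabled ;;
        esac
    done
    echo "$state"
)

# List every .exrc below $1; mark files whose non-comment lines define a
# key map or contain "!" (external command escape) for manual review.
audit_exrc_tree() {
    find "$1" -type f -name .exrc 2>/dev/null | sort | while IFS= read -r f; do
        if grep -v '^[[:space:]]*"' "$f" | grep -Eq '^[[:space:]]*:?map|!'; then
            echo "REVIEW $f"
        else
            echo "ok $f"
        fi
    done
}

# Constructed demo tree: one benign .exrc and one that maps a key to a command.
demo=$(mktemp -d)
mkdir -p "$demo/proj" "$demo/shared"
printf 'set autoindent\n' > "$demo/proj/.exrc"
printf 'map q :!date\n' > "$demo/shared/.exrc"
echo "local .exrc loading: $(local_exrc_state "${EXINIT:-}" "$HOME/.exrc")"
audit_exrc_tree "$demo"
rm -rf "$demo"
```

A "REVIEW" line only means the file deserves a human look; it matters most on accounts where the first function reports "enabled".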