Re: .exrc file security risks

From: Darren J Moffat (Darren.Moffat_at_Sun.COM)
Date: 04/30/03

  • Next message: aatkinson_at_fastmail.fm: "Re: .exrc file security risks" 
    Date: Tue, 29 Apr 2003 17:12:24 -0700 (PDT)
To: Paul Greene <techlists@comcast.net>

    On Tue, 29 Apr 2003, Paul Greene wrote:

    > I'm verifying the validity of a Solaris hardening guide and came across
    > a recommendation to remove ".exrc" files.

    Who is the author if this guide ? This isn't a very common recommendation.

    > However, I can't find anything
    > mentioning ".exrc" files in any of the standard security guidelines I
    > normally refer to (CISecurity and NSA).

    The .exrc file is the configuration file for the ex(1) and vi(1) text file
    editors.

    From vi(1):

         The editing environment defaults to certain configuration
         options. When an editing session is initiated, vi attempts
         to read the EXINIT environment variable. If it exists, the
         editor uses the values defined in EXINIT; otherwise the
         values set in $HOME/.exrc are used. If $HOME/.exrc does not
         exist, the default values are used.

         To use a copy of .exrc located in the current directory
         other than $HOME, set the exrc option in EXINIT or
         $HOME/.exrc . Options set in EXINIT can be turned off in a
         local .exrc only if exrc is set in EXINIT or $HOME/.exrc.

    Based on the above a "safe" configuration would be to set the value of
    EXINIT to "set noexrc" and create a /.exrc file with "set noexrc" specified.

    > What, if any, are the risks associated with these files? (Or possibly
    > the spelling ".exrc" is a typo and should be something else?)

    You can map keystrokes in vi to run external commands or combinations of
    other vi internal commands.

    If you are this concerned about your admin environment then maybe you
    would be interested in running Trusted Solaris. Trusted Solaris ships
    with a version of vi(1) called adminvi(1) which has disabled a number
    of "potentially risky" features, one of them being the ability to run
    external commands. By default the administration roles in Trusted Solaris
    use adminvi(1) rather than vi(1). 

    -- 
Darren J Moffat
  • Next message: aatkinson_at_fastmail.fm: "Re: .exrc file security risks"