[Mono-dev] Bad consequences of a Mono installation
agorecki at ectrolinux.com
Tue Sep 20 02:30:12 EDT 2005
I responded to your message, I don't believe that it bounced. Here is a copy
of my reply:
On Saturday, September 17, 2005 17:53, qun li wrote:
> graphical environment as well as non-graphical are
> unusable and the edition of my .bashrc is protected by
> password (mine, at least).
> When lauching a term, I get this (see screenshot
> attached - the translation of the first line is 'This
> file or directory does no exist.').
Bash is trying to execute the commands in the configuration, which if the file
is encrypted, would be garbage.
> I greatly appreciate the concerns of the Mono team
> about hardening the security on my system
> nevertheless I would like to keep it useful, even if
> not too secure.
Encrypting your account's Bash configuration files isn't a sensible security
option, in my opinion. On any reasonable standard system, access to an
account's home directory will only be allowed by the owner of the account and
I can't think of any reason that Mono would need to modify a local bashrc
file, and it would only need to modify your local profile configuration file
to add ENV variables, which in most cases, would not be necessary unless you
are a developer. Mono would not encrypt your configuration files with
VimCrypt, nor would it use Vim to edit them. This leads me to believe that
you, deliberately or not, instructed Vim to encrypt the files, which rendered
your account unusable.
Bash configuration files are not designed to store sensitive information, and
they will only operate in plain text form: if the contents of one of those
files cannot be executed on the command line by hand, those instructions will
not work when Bash tries to parse them automatically.
> What's the solution ?
Short answer: Decrypt the configuration files, or replace them entirely.
Long answer: If you want a Bash configuration file to be encrypted, create a
base configuration file that executes the required functionality to decrypt
the sensitive file, have Bash parse the contents of that file, and then
ensure the file is secured again after use. Typically, that would involve
some type of interactive authentication prompt at login time. Using
configuration files in this manner is likely not secure.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 828 bytes
Desc: not available
Url : http://lists.ximian.com/pipermail/mono-devel-list/attachments/20050919/1e1b861a/attachment.bin
More information about the Mono-devel-list