[Mono-dev] Bad consequences of a Mono installation

Anthony Gorecki agorecki at ectrolinux.com
Tue Sep 20 02:30:12 EDT 2005


Qun,

I responded to your message; I don't believe that it bounced. Here is a copy 
of my reply:


On Saturday, September 17, 2005 17:53, qun li wrote:
> my graphical environment as well as non-graphical are
> unusable and the edition of my .bashrc is protected by
> password (mine, at least).
> When launching a term, I get this (see screenshot
> attached - the translation of the first line is 'This
> file or directory does not exist.').

Bash is trying to execute the commands in the configuration, which, if the file 
is encrypted, would be garbage.


> I greatly appreciate the concerns of the Mono team
> about hardening the security on my system
> nevertheless I would like to keep it useful, even if
> not too secure.

Encrypting your account's Bash configuration files isn't a sensible security 
option, in my opinion. On any reasonable standard system, access to an 
account's home directory will only be allowed by the owner of the account and 
root. 

I can't think of any reason that Mono would need to modify a local bashrc 
file, and it would only need to modify your local profile configuration file 
to add ENV variables, which, in most cases, would not be necessary unless you 
are a developer. Mono would not encrypt your configuration files with 
VimCrypt, nor would it use Vim to edit them. This leads me to believe that 
you, deliberately or not, instructed Vim to encrypt the files, which rendered 
your account unusable. 

Bash configuration files are not designed to store sensitive information, and 
they will only operate in plain text form: if the contents of one of those 
files cannot be executed on the command line by hand, those instructions will 
not work when Bash tries to parse them automatically.


> What's the solution ?

Short answer: Decrypt the configuration files, or replace them entirely.

Long answer: If you want a Bash configuration file to be encrypted, create a 
base configuration file that executes the required functionality to decrypt 
the sensitive file, have Bash parse the contents of that file, and then 
ensure the file is secured again after use. Typically, that would involve 
some type of interactive authentication prompt at login time. Using 
configuration files in this manner is likely not secure.


-- 
Anthony Gorecki
Ectro-Linux Foundation
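
The following script is an added example, not part of the original message: it applies the short answer above by finding Bash startup files that begin with Vim's `VimCrypt~` file header, setting them aside, and copying in plain-text defaults. The function names are hypothetical, and the skeleton directory (such as /etc/skel) is an assumption about the local system.

```shell
#!/bin/sh
# Added example (not from the original message): find Bash startup files that
# Vim has encrypted, and set them aside so the shell can start cleanly.
# Vim-encrypted files start with the ASCII magic "VimCrypt~NN!".

STARTUP_FILES=".bashrc .bash_profile .bash_login .profile .bash_logout"

# is_vimcrypt FILE: succeed if FILE begins with the VimCrypt magic.
is_vimcrypt() {
    [ -f "$1" ] && [ -r "$1" ] || return 1
    [ "$(head -c 9 "$1" | tr -d '\000')" = "VimCrypt~" ]
}

# scan_startup_files HOME_DIR: print the name of each encrypted startup file.
scan_startup_files() {
    for _f in $STARTUP_FILES; do
        if is_vimcrypt "$1/$_f"; then printf '%s\n' "$_f"; fi
    done
}

# replace_encrypted HOME_DIR SKEL_DIR: keep each encrypted file as
# NAME.vimcrypt.bak and copy in the plain-text default from SKEL_DIR, if any.
# SKEL_DIR (for example /etc/skel) is an assumption about the local system.
replace_encrypted() {
    for _g in $(scan_startup_files "$1"); do
        mv -- "$1/$_g" "$1/$_g.vimcrypt.bak" || return 1
        if [ -f "$2/$_g" ]; then cp -- "$2/$_g" "$1/$_g" || return 1; fi
    done
}

# Demo on constructed data: a fake home with one encrypted and one plain file.
demo() {
    _d=$(mktemp -d) || return 1
    mkdir "$_d/home" "$_d/skel"
    printf 'VimCrypt~01!\232\021\007\344' > "$_d/home/.bashrc"  # constructed bytes
    printf 'export EDITOR=vim\n' > "$_d/home/.profile"
    printf '# default bashrc\n' > "$_d/skel/.bashrc"
    scan_startup_files "$_d/home"        # prints: .bashrc
    replace_encrypted "$_d/home" "$_d/skel"
    scan_startup_files "$_d/home"        # prints nothing
    rm -rf "$_d"
}
demo
```

To decrypt a file rather than replace it, open it in Vim with the key, run `:set key=`, and write it back with `:w`.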