From 66dc2643aca9d19e3d77ad4153d2ec9684a3794f Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Sun, 29 May 2022 00:26:56 -0300 Subject: disable-common.inc: move blacklist of /etc/profile.d To disable-shell.inc. Interactive shells can be executed from certain development-related programs (such as IDEs) and the shells themselves are not blocked by default, but this shell startup directory currently is. To avoid running a shell without access to potentially needed startup files, only blacklist /etc/profile.d when interactive shells are also blocked. Note that /etc/profile.d should only be of concern to interactive shells, so a profile that includes both disable-shell.inc and allow-bin-sh.inc (which likely means that it needs access to only non-interactive shells) should not be affected by the blacklisting. Relates to #3411 #5159. --- etc/inc/disable-common.inc | 1 - etc/inc/disable-shell.inc | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) (limited to 'etc/inc') diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc index d08ba3646..5918ee640 100644 --- a/etc/inc/disable-common.inc +++ b/etc/inc/disable-common.inc @@ -261,7 +261,6 @@ blacklist /etc/grub* blacklist /etc/kernel* blacklist /etc/logrotate* blacklist /etc/modules* -blacklist /etc/profile.d blacklist /etc/rc.local # rc1.d, rc2.d, ... blacklist /etc/rc?.d diff --git a/etc/inc/disable-shell.inc b/etc/inc/disable-shell.inc index 8274b0215..6665251a8 100644 --- a/etc/inc/disable-shell.inc +++ b/etc/inc/disable-shell.inc @@ -13,3 +13,4 @@ blacklist ${PATH}/sh blacklist ${PATH}/tclsh blacklist ${PATH}/tcsh blacklist ${PATH}/zsh +blacklist /etc/profile.d -- cgit v1.2.3-54-g00ecf