Re: Thoughts on protecting against PATH interception via user owned profiles

[Roman Perepelitsa <roman.perepelitsa@xxxxxxxxx>]

On Sun, Dec 15, 2019 at 3:31 PM Andrew Parker
<andrew.j.c.parker@xxxxxxxxx> wrote:
>
> Oh man. Back at keyboard now. I see this is nothing zsh specific. The solution was right in front of me all the time. Just exit 1 from /etc/profile will work in bash.

Note that /etc/profile is sourced by bash only when starting a login
shell. It's not sourced when connecting over SSH, when running
non-interactively or when starting an interactive shell without
`--login`. Many (most? all?) graphical terminals start non-interactive
shell when opening a new tab.

All zsh processes start by sourcing /etc/zshenv (the actual location
is hard-coded in the binary and can be overridden when building zsh)
but there is no equivalent file for bash.

I don't know if this makes any difference to your defense strategy but
thought it might be worth mentioning.

Roman.