How to prevent automatic appendings to .bashrc from being effective?

While Stephen’s trick definitely works, the fundamental problem here is that the installer is run with privileges that allow it to modify your .bashrc. If it’s doing that, it could be making all sorts of unwanted changes to other things that might cause broken interactions or be outright malicious (ranging from phone-home spyware shipped intentionally to outright malware from a supply chain compromise or inside threat).

The right solution is not to run “installers” with any privileges. Instead you can run them inside a throwaway container or user account, then copy only the wanted files out of the “staging” environment to the environment you want to use them in. I do something like this with a tool I wrote, usand, which uses unshare to make new user and mount namespaces that block network access and write access to files outside of the current directory and everything under it. While it’s not presently very flexible, many of the same concepts can be applied to do something suited to your particular workflow.

You may Also Like:

None found

Leave a Comment