Just for a few examples of how this can go wrong, maliciously or otherwise.
GREP_OPTIONS can be used to read in files (-f) or change the meaning of a grep (illegal options) or otherwise corrupt it's usage in a script.
The fact that a tool that is usually used without considering how it could fail is used everyplace is the problem. I suggest just add something to /lib/lsb/init-functions to unset GREP_OPTIONS.
I don't have a specific security hole in mind, but something like a firewall going down might try to turn off packet forwarding, but think it's already down and leave it up. Or something like that.
I do set GREP_OPTIONS in my .bashrc, etc. Specifically, I use GREP_OPTIONS= --color= auto
It is a common command someone might set. Either one off (just to see color for some greps) or routinely (like I have in my bashrc).
It is a security issue because it open up holes, prevent actions from happening, etc. if a grep doesn't return what the user expects.
For example: ------- ------- ------
-------
$ grep -E -q local /etc/hosts ; echo $?
0
$ env GREP_OPTIONS=-P grep -E -q local /etc/hosts ; echo $?
grep: conflicting matchers specified
2
$ env GREP_OPTIONS= -f/dev/ zero grep -E -q local /etc/hosts ; echo $? ------- ------- -------
grep: memory exhausted
1
-------
Just for a few examples of how this can go wrong, maliciously or otherwise.
GREP_OPTIONS can be used to read in files (-f) or change the meaning of a grep (illegal options) or otherwise corrupt it's usage in a script.
The fact that a tool that is usually used without considering how it could fail is used everyplace is the problem. I suggest just add something to /lib/lsb/ init-functions to unset GREP_OPTIONS.
I don't have a specific security hole in mind, but something like a firewall going down might try to turn off packet forwarding, but think it's already down and leave it up. Or something like that.
Ciao!