[Full-disclosure] encrypt the bash history
Valdis.Kletnieks at vt.edu
Fri Feb 4 19:40:47 GMT 2011

On Fri, 04 Feb 2011 16:18:53 -0300, "Zerial." said:

> The "way" is not safe enough. root can login as me (su - user) and
> bash_history will be decrypted. I try to find any better way to crypt
> and make unreadable the bash_history file from any other users,
> including root.

Agreed. GPG makes the rather rash assumption that you use it on a
system where the computing resources can be at least somewhat
trusted (i.e. it assumes you're not on a system that somebody else
may have installed a keystroke logger or similar).

1a) It may be simpler/safer to totally disable the feature so you
don't leave behind a .bash_history.

1b) If you don't trust root with your .bash_history, why do you trust
root with every single keystroke you entered while doing the commands
that created that history? (Think about that for a bit...)

Full-Disclosure is hosted and sponsored by Secunia.