Bugtraq mailing list archives

Re: Cobalt root exploit


From: na98jen () STUDENT HIG SE (Joel Eriksson)
Date: Sat, 27 Feb 1999 11:13:05 +0100


On Fri, 26 Feb 1999, John Fraizer wrote:

The .bash_history file is still created even after the Shell History Patch
Release 1.0 is applied to the RaQ and is still world readable.

And of course, what post to BUGTRAQ would be complete without a fix?

The Fix:

Add the following lines to /etc/profile

touch "$HISTFILE"
chmod 600 "$HISTFILE"


For the really paranoid, place the following line before the touch command:

HISTFILE=~/.some.other.name

Why not  : ln -sf /dev/null "$HISTFILE"
or simply: unset HISTFILE

Who needs those history files anyway? The only usage I can think of is
to see if someone else has used your account, but then the intruder must
have been _veeery_ lame, and if a lamer like that got in at all, you've got
much bigger problems to think of...

------------------------------------------------------------------
ML.ORG is gone.  Check out http://www.EZ-IP.Net - It's *FREE*
------------------------------------------------------------------
Get your *FREE* Parked Domain account at http://www.EZ-Hosting.Com
------------------------------------------------------------------
John Fraizer                      |    __   _                 |
The System Administrator          |   / /  (_)__  __ ____  __ | The choice
mailto:John.Fraizer () EnterZone Net |  / /__/ / _ \/ // /\ \/ / |  of a GNU
http://www.EnterZone.Net/         | /____/_/_//_/\_,_/ /_/\_\ | Generation
PGP Key fingerprint =  7DB6 1CA2 DAA6 43DA 3AAF  44CD 258C 3D7E B425 81A8
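
An audit for the condition discussed in this thread, added here as an example and not part of either poster's message: it lists regular .bash_history files that group or others can read or write, and applies the chmod 600 from the quoted fix to each one. The function names and the one-home-directory-per-user layout under a base directory are assumptions, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example: find and tighten exposed shell history files.
# Assumption: home directories sit one level below a base directory.

# list_exposed_histfiles BASE
# Print each regular .bash_history under BASE/<user>/ that group or others
# can read or write. A history file symlinked to /dev/null is not a regular
# file, so -type f skips it.
list_exposed_histfiles() {
    find "$1" -mindepth 2 -maxdepth 2 -name .bash_history -type f \
        \( -perm -040 -o -perm -004 -o -perm -020 -o -perm -002 \) -print
}

# tighten_histfiles BASE
# chmod 600 every exposed file and print how many were changed.
# Paths containing newlines are not handled.
tighten_histfiles() {
    list_exposed_histfiles "$1" | {
        count=0
        while IFS= read -r f; do
            chmod 600 "$f" && count=$((count + 1))
        done
        echo "$count"
    }
}

# make_sample_homes: build a constructed test tree and print its path.
make_sample_homes() {
    base=$(mktemp -d) || return 1
    mkdir -p "$base/alice" "$base/bob" "$base/carol"
    echo 'constructed sample history line' > "$base/alice/.bash_history"
    chmod 644 "$base/alice/.bash_history"        # world readable, as reported
    : > "$base/bob/.bash_history"
    chmod 600 "$base/bob/.bash_history"          # already private
    ln -s /dev/null "$base/carol/.bash_history"  # history sent to /dev/null
    echo "$base"
}

# Demo on the constructed tree.
demo=$(make_sample_homes)
echo "exposed before fix:"
list_exposed_histfiles "$demo"
echo "files tightened: $(tighten_histfiles "$demo")"
rm -rf "$demo"
```

On a real host, pass the directory that holds the home directories (for example /home) to list_exposed_histfiles first and review the output before running tighten_histfiles.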


