Full Disclosure mailing list archives
Re: encrypt the bash history
From: Valdis.Kletnieks () vt edu
Date: Fri, 04 Feb 2011 14:40:47 -0500
On Fri, 04 Feb 2011 16:18:53 -0300, "Zerial." said:
The "way" is not safe enough. root can login as me (su - user) and bash_history will be decrypted. I try to find any better way to crypt and make unreadable the bash_history file from any other users, including root.
Agreed. GPG makes the rather rash assumption that you use it on a system where the computing resources can be at least somewhat trusted (i.e. it assumes you're not on a system that somebody else may have installed a keystroke logger or similar). 1a) It may be simpler/safer to totally disable the feature so you don't leave behind a .bash_history. 1b) If you don't trust root with your .bash_history, why do you trust root with every single keystroke you entered while doing the commands that created that history? (Think about that for a bit...)
Attachment:
_bin
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- encrypt the bash history Zerial. (Feb 04)
- Re: encrypt the bash history Valdis . Kletnieks (Feb 04)
- Re: encrypt the bash history Zerial. (Feb 04)
- Re: encrypt the bash history Erik Falor (Feb 04)
- Re: encrypt the bash history Zerial. (Feb 06)
- Re: encrypt the bash history Rodrigo Rubira Branco (BSDaemon) (Feb 06)
- Re: encrypt the bash history Peter Maxwell (Feb 06)
- Re: encrypt the bash history Emanuel dos Reis Rodrigues (Feb 06)
- Re: encrypt the bash history Zerial. (Feb 04)
- Re: encrypt the bash history Valdis . Kletnieks (Feb 04)
- Re: encrypt the bash history Valdis . Kletnieks (Feb 04)
- <Possible follow-ups>
- Re: encrypt the bash history Zach C. (Feb 06)
- Re: encrypt the bash history Cal Leeming [Simplicity Media Ltd] (Feb 06)
- Re: encrypt the bash history Champ Clark III [Softwink] (Feb 08)