Vulnerability Development mailing list archives

Re: History Files


From: dr () DURSEC COM (Dragos Ruiu)
Date: Sat, 15 Apr 2000 19:24:40 -0700


On Sat, 15 Apr 2000, Crispin Cowan wrote:
audit wrote:

I would like to have what they type logged to /root/history/$user_history

Especially clever users intent on hiding will name their modified shell "vi" or "rn" :-)

Especially clever users will just use the real vi, or rn or another program that
allows shell escapes without having to hide anything that can be found.

":!export HISTFILE=/dev/null;...." or ":!ash"

You would have to secure any program that allows user controlled exec's and
remove all compilers, perl interpreters and so on, ad nauseam.

IMHO the process accounting or piping everyone through some sort of logging
ptys would be the only feasible ways to pseudo-reliably do this. Bash_history
is a good aid, but likely a poor primary security mechanism.

cheers,
--dr

--
dursec.com / kyx.net - we're from the future                      http://www.dursec.com
learn kanga-foo from security experts: CanSecWest - May 10-12 Vancouver

Speakers: Ron Gula/NSW, Ken Williams/E&Y, Marty Roesch/Hiverworld,
    Fyodor/insecure.org, RainForestPuppy/wiretrip.net, Theo de Raadt/OpenBSD
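
Added example, not part of the original message or written by its author: a Python comparison of exec records (the kind of data process accounting provides) against a user's history file, showing what a shell escape from vi leaves out of the history. The record layout, the `Exec` tuple, the sample data and the function names are all assumptions made for illustration.

```python
from collections import namedtuple

# Hypothetical record layout; real process accounting formats differ.
Exec = namedtuple("Exec", "pid ppid user comm")

# Constructed sample: exec records for one login session.
EXEC_LOG = [
    Exec(100, 1, "alice", "bash"),    # login shell
    Exec(101, 100, "alice", "ls"),
    Exec(102, 100, "alice", "vi"),
    Exec(103, 102, "alice", "ash"),   # shell started from inside vi
    Exec(104, 103, "alice", "gcc"),   # typed in the escaped shell
]
# Constructed sample: what ended up in alice's history file.
HISTORY = {"alice": ["ls -l", "vi notes.txt"]}

SHELLS = {"sh", "ash", "bash", "csh", "tcsh", "ksh", "zsh"}


def history_commands(lines):
    """Command name (first word, directory stripped) of each history line."""
    return {ln.split()[0].rsplit("/", 1)[-1] for ln in lines if ln.strip()}


def audit(exec_log, history):
    """Return (unlogged, escapes).

    unlogged: exec records whose command never appears in the user's history.
    escapes:  (parent command, record) pairs where a shell was started by a
              process that is not itself a shell.
    """
    by_pid = {e.pid: e for e in exec_log}
    seen = {user: history_commands(lines) for user, lines in history.items()}
    unlogged, escapes = [], []
    for e in exec_log:
        parent = by_pid.get(e.ppid)
        if parent is None:
            continue  # session's first process: no parent record to compare
        if e.comm not in seen.get(e.user, set()):
            unlogged.append(e)
        if e.comm in SHELLS and parent.comm not in SHELLS:
            escapes.append((parent.comm, e))
    return unlogged, escapes


if __name__ == "__main__":
    missing, escaped = audit(EXEC_LOG, HISTORY)
    print("not in history:", [e.comm for e in missing])
    print("shell escapes:", [(p, e.comm) for p, e in escaped])
```

Matching on command names is coarse: a shell binary renamed to "vi", as the quoted reply describes, passes the shell-name check, although its child processes still show up as missing from the history.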


