Vulnerability Development mailing list archives

Re: History Files


From: dagon () DAGON NET (Mark Rafn)
Date: Sun, 16 Apr 2000 12:07:02 -0700


right.  are we off-topic enough yet?  Not that this message is going to
make it any better.

Corwin J. Grey wrote:
Force each user to use bash first of all, and don't allow them to change
shells.
...
 ln -s /root/history/bob /home/bob/.bash_history

On Sat, 15 Apr 2000, Michael Jennings wrote:
I don't suppose anyone realized that the user, having write
permissions to his/her own home directory, could simply remove the
soft link?  Or move it out of the way?

I think most of us realize it.  Using the user's shell to do the logging
is always going to be problematic and difficult to enforce unless they're
in a very very limited environment and have a rather customized shell.

If you want the quick-fix, do the history symlink, tell users that
changing it is not allowed, and fire people who evade your monitoring.

From a pure-technical end, even if you could find a way to keep them from
telling bash to log to a "safe" place, they can always do
  while :; do read x; eval $x; done
and bash will not log what that loop does.

If you want to do this right, do it with a sniffer.

--
Mark Rafn    dagon () dagon net    <http://www.dagon.net/>   !G
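
An added example, not part of the original message or thread: a small audit for the symlink arrangement quoted above, reporting per user whether `.bash_history` is still the expected link. The layout (`/home/<user>/.bash_history` pointing at `/root/history/<user>`) follows the quoted `ln -s` line; the function names and state words are hypothetical. As the message points out, an intact link only shows the link was not touched, not that every command was logged.

```shell
#!/bin/sh
# Audit the ".bash_history -> central log" symlinks described in the thread.
# Assumption: one directory per user under HOME_ROOT, one log file per user
# under LOG_DIR, named after the user (as in the quoted ln -s line).

# check_history_link HOME_ROOT LOG_DIR USER
# Prints one state word:
#   ok          link exists and points at LOG_DIR/USER
#   retargeted  still a symlink, but pointing somewhere else
#   replaced    a regular file (or other non-link) sits where the link was
#   missing     nothing there at all
check_history_link() {
    link="$1/$3/.bash_history"
    want="$2/$3"
    if [ -L "$link" ]; then
        # -L is true even for a dangling link, so compare the stored target.
        if [ "$(readlink "$link")" = "$want" ]; then
            echo ok
        else
            echo retargeted
        fi
    elif [ -e "$link" ]; then
        echo replaced
    else
        echo missing
    fi
}

# audit_history_links HOME_ROOT LOG_DIR
# Prints "user state" for every home directory; returns 1 if any is not ok.
audit_history_links() {
    bad=0
    for d in "$1"/*/; do
        [ -d "$d" ] || continue          # unmatched glob stays literal
        user=$(basename "$d")
        state=$(check_history_link "$1" "$2" "$user")
        printf '%s %s\n' "$user" "$state"
        [ "$state" = ok ] || bad=1
    done
    return "$bad"
}

# Run as: script HOME_ROOT LOG_DIR   (e.g. /home /root/history)
if [ "$#" -eq 2 ]; then
    audit_history_links "$1" "$2"
fi
```
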


