[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
Re: [PLUG] shell script help...
|
- From: "Mag Gam" <magawake@gmail.com>
- To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
- Subject: Re: [PLUG] shell script help...
- Date: Sat, 1 Sep 2007 09:51:09 -0400
- Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=S1yvMXwfnAQA7uxPVLF3w6PJ78/xP2IJgGFgAfmlpAwVY3Hcx3YRc2ap8hHrDxVChOn8buHoGejbMpISFVG7quKOrxf9hx0XyTajjDWVFXqmJpgBKLkVm7wQGaU5GPRY5rsqFpB/Lzqzq68eetZu4EQvbyHqgin1MFVkH6gZ07k=
- Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
- Sender: plug-bounces@lists.phillylinux.org
Wow..didn't think about this. B. Subshell, invoked with invalid or non-existant history file $ HISTFILE="" bash {nefarious commands...} $ exit $ logout
On 9/1/07, Matthew Rosewarne <mukidohime@case.edu> wrote:
On Saturday 01 September 2007, Mag Gam wrote: > I am in the process of writing a shell script to take history file (fc -l) > and backup it up, while appending it. > > My strategy is, once the user exits out of his shell, i will dump the
> history into a file by using a trap() with EXIT. The file will be appended > by the username... (ie, username.history.date
I would not attempt to rely on this for any measure of security, as it can be
easily circumvented by users. For example, one could:
A: Subshell, then remove the history file $ bash {nefarious commands...} $ exit $ rm ~/.bash_history
$ logout
B. Subshell, invoked with invalid or non-existant history file $ HISTFILE="" bash {nefarious commands...} $ exit $ logout
All of this could just as easily be hidden in a script, making it very
difficult to catch. It would be a better idea to use IDS/auditing software than to rely on something controlled by the user.
___________________________________________________________________________ Philadelphia Linux Users Group --
http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
|
|