* Mark wrote [26.11.06 04:48]:
[ wipe HISTFILE ]
Why dont just set SAVEHIST to zero or set HISTFILE to /dev/zero.
Yes that works. Some people do. It's less secure but works.
What is the different? If you wipe HISTFILE in /etc/zlogout a user could change in $HOME/.zlogout histfile and you wipe nothing. If you set HISTFILE to /dev/null in /etc/zshrc a user can change it in $HOME/.zshrc, where is the difference?
Very appropriate for mobile USB devices that change hands (or get lost!).
why you dont just encrypt
We do, of course. The command line history is a security leak in its own right (orthogonal to disk encryption), much like swap space.
Hm, there is a big difference. In the swap space there resits user data like Documents Contents, Passwords and so on. Oh ok, if you use something like echo grml:totalysecret | chpasswd there is a information leak. Yeah your right, but i dont think that you can compare swap space with command history.
Google for info, if the problems seem non-obvious. We just wanted to second the idea of "do something," whatever it may be.
Yeah, but wiping HISTFILE in zlogout doesnt change anything. I personally think adding clear to zlogout should be enough.
Thanks,
M.
Uli