Hi Since my first Linux Day sometimes in 1997 I was a bash shell user, made a lot of scripting and was happy. Now I found grml and its zsh and it is
sssssssssssuuuuuuuuupppppppppeeeeeeeeeerrrrrrrrrr.
Small suggestion : in the /etc/zsh/logout I added the small word
"reset"
which automatically leaves a clean console when logging out. I like that and nobody nosing around. also security concern.
regards
Small suggestion : in the /etc/zsh/logout I added the small word
"reset"
which automatically leaves a clean console when logging out. I like that and nobody nosing around. also security concern.
We second the idea. (Maybe diskwipe the zsh history?) Very appropriate for mobile USB devices that change hands (or get lost!).
M.
* Mark wrote [26.11.06 04:28]:
Small suggestion : in the /etc/zsh/logout I added the small word
"reset"
which automatically leaves a clean console when logging out. I like that and nobody nosing around. also security concern.
clear should be the right way, because reset resets also the terminal settings, which may be not that what you want to have.
We second the idea. (Maybe diskwipe the zsh history?)
Why dont just set SAVEHIST to zero or set HISTFILE to /dev/zero.
Very appropriate for mobile USB devices that change hands (or get lost!).
Hm, i dont know whats the problem with the history of commands you used, but why you dont just encrypt $HOME, or $TMP or whatever you need? This would also the right way if you think about mobile devices which could get lost and private data could leak.
M.
Uli
Why dont just set SAVEHIST to zero or set HISTFILE to /dev/zero.
Yes that works. Some people do. It's less secure but works.
Very appropriate for mobile USB devices that change hands (or get lost!).
why you dont just encrypt
We do, of course. The command line history is a security leak in its own right (orthogonal to disk encryption), much like swap space. Google for info, if the problems seem non-obvious. We just wanted to second the idea of "do something," whatever it may be.
Thanks,
M.
* Mark wrote [26.11.06 04:48]:
[ wipe HISTFILE ]
Why dont just set SAVEHIST to zero or set HISTFILE to /dev/zero.
Yes that works. Some people do. It's less secure but works.
What is the different? If you wipe HISTFILE in /etc/zlogout a user could change in $HOME/.zlogout histfile and you wipe nothing. If you set HISTFILE to /dev/null in /etc/zshrc a user can change it in $HOME/.zshrc, where is the difference?
Very appropriate for mobile USB devices that change hands (or get lost!).
why you dont just encrypt
We do, of course. The command line history is a security leak in its own right (orthogonal to disk encryption), much like swap space.
Hm, there is a big difference. In the swap space there resits user data like Documents Contents, Passwords and so on. Oh ok, if you use something like echo grml:totalysecret | chpasswd there is a information leak. Yeah your right, but i dont think that you can compare swap space with command history.
Google for info, if the problems seem non-obvious. We just wanted to second the idea of "do something," whatever it may be.
Yeah, but wiping HISTFILE in zlogout doesnt change anything. I personally think adding clear to zlogout should be enough.
Thanks,
M.
Uli
(For Uli - Wiping .zsh_history is more secure than deletion - that's all I meant. If you meant shutting off .zsh_history completely, yes that is even better - with much less zsh convenience. AFAIK 'clear' does nothing to .zsh_history. So maybe we're talking different subjects.)
(P.S. we have no concern with our own users outsmarting their sysadmin by advanced zsh exploits. It's more about the syadmin protecting his users/company from external people/competitors.)
* Erich Minderlein erminderlein@locoware.de [20061125 23:42]:
Since my first Linux Day sometimes in 1997 I was a bash shell user, made a lot of scripting and was happy. Now I found grml and its zsh and it is
sssssssssssuuuuuuuuupppppppppeeeeeeeeeerrrrrrrrrr.
Small suggestion : in the /etc/zsh/logout I added the small word
"reset"
which automatically leaves a clean console when logging out. I like that and nobody nosing around. also security concern.
Nice idea, thanks. I chose the 'clear' command as suggested by Ulrich.
http://hg.grml.org/grml-etc-core/rev/79261c69a90a
regards, -mika-
Teilnehmer (4)
-
Erich Minderlein -
Mark -
Michael Prokop -
Ulrich Dangel