[Grml] Re: Sugestion - zsh logout
Ulrich Dangel
schula at grml.org
Sun Nov 26 05:18:21 CET 2006
* Mark wrote [26.11.06 04:48]:
> > > [ wipe HISTFILE ]
> > Why dont just set SAVEHIST to zero or set HISTFILE to /dev/zero.
>
> Yes that works. Some people do. It's less secure but works.
What is the different? If you wipe HISTFILE in /etc/zlogout a user could
change in $HOME/.zlogout histfile and you wipe nothing. If you set
HISTFILE to /dev/null in /etc/zshrc a user can change it in
$HOME/.zshrc, where is the difference?
> > > Very appropriate for mobile USB devices that change hands (or get
> > > lost!).
> >
> > why you dont just encrypt
>
> We do, of course. The command line history is a security leak in its
> own right (orthogonal to disk encryption), much like swap space.
Hm, there is a big difference. In the swap space there resits user data
like Documents Contents, Passwords and so on. Oh ok, if you use
something like echo grml:totalysecret | chpasswd there is a information
leak. Yeah your right, but i dont think that you can compare swap space
with command history.
> Google
> for info, if the problems seem non-obvious. We just wanted to second
> the idea of "do something," whatever it may be.
Yeah, but wiping HISTFILE in zlogout doesnt change anything. I
personally think adding clear to zlogout should be enough.
> Thanks,
>
> M.
Uli
--
Ob Bundes-Internetbeauftragter, Landes-Internetminister oder
Green-Card-Regelung: Kein Politiker, der sich als zukunftsorientiert
präsentieren will, kann sich den Themen Internet und EDV entziehen.
-- Heise Newsticker
More information about the Grml
mailing list