[Grml] Re: Sugestion - zsh logout

Ulrich Dangel schula at grml.org
Sun Nov 26 05:18:21 CET 2006


* Mark wrote [26.11.06 04:48]:
> > > [ wipe HISTFILE ]  
> > Why dont just set SAVEHIST to zero or set HISTFILE to /dev/zero.
> 
> Yes that works.  Some people do.  It's less secure but works.
 
What is the different? If you wipe HISTFILE in /etc/zlogout a user could
change in $HOME/.zlogout histfile and you wipe nothing. If you set
HISTFILE to /dev/null in /etc/zshrc a user can change it in
$HOME/.zshrc, where is the difference? 

> > > Very appropriate for mobile USB devices that change hands (or get
> > > lost!).
> > 
> > why you dont just encrypt
> 
> We do, of course.  The command line history is a security leak in its
> own right (orthogonal to disk encryption), much like swap space.  

Hm, there is a big difference. In the swap space there resits user data
like Documents Contents, Passwords and so on. Oh ok, if you use
something like echo grml:totalysecret | chpasswd there is a information
leak. Yeah your right, but i dont think that you can compare swap space
with command history.

> Google
> for info, if the problems seem non-obvious.  We just wanted to second
> the idea of "do something," whatever it may be.

Yeah, but wiping HISTFILE in zlogout doesnt change anything. I
personally think adding clear to zlogout should be enough. 

> Thanks,
> 
> M.

Uli
-- 
Ob Bundes-Internetbeauftragter, Landes-Internetminister oder
Green-Card-Regelung: Kein Politiker, der sich als zukunftsorientiert
präsentieren will, kann sich den Themen Internet und EDV entziehen.
		-- Heise Newsticker



More information about the Grml mailing list