[9801] in bugtraq
Re: Cobalt root exploit
daemon@ATHENA.MIT.EDU (Joel Eriksson)
Sat Feb 27 15:17:48 1999
Date: Sat, 27 Feb 1999 11:13:05 +0100
Reply-To: Joel Eriksson <na98jen@STUDENT.HIG.SE>
From: Joel Eriksson <na98jen@STUDENT.HIG.SE>
X-To: John Fraizer <John.Fraizer@ENTERZONE.NET>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <4.1.19990226060616.01c306a0@pop3.enterzone.net>

On Fri, 26 Feb 1999, John Fraizer wrote:
> The .bash_history file is still created even after the Shell History Patch
> Release 1.0 is applied to the RaQ and is still world readable.
>
> And of course, what post to BUGTRAQ would be complete without a fix?
>
> The Fix:
>
> Add the following lines to /etc/profile
>
> touch $HISTFILE
> chmod 600 $HISTFILE
>
>
> For the really paranoid, place the following line before the touch command:
>
> HISTFILE=~/.some.other.name

Why not: ln -sf /dev/null $HISTFILE
or simply: unset HISTFILE

Who needs those history files anyway? The only usage I can think of is
to see if someone else has used your account, but then the intruder must
have been _veeery_ lame, and if a lamer like that got in at all, you've got
much bigger problems to think of...

> John Fraizer
> The System Administrator
> mailto:John.Fraizer@EnterZone.Net
> http://www.EnterZone.Net/
> Linux: The choice of a GNU Generation
> PGP Key fingerprint = 7DB6 1CA2 DAA6 43DA 3AAF 44CD 258C 3D7E B425 81A8
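
An audit for the condition reported in this thread, as an added example that is not part of either poster's message: it lists history files that are still readable by group or others and can tighten them to mode 600. The function names, the default home root and the list of history file names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: find shell history files that are
# readable by group or others (the world-readable .bash_history case).
# Assumptions: home directories sit directly under the given root, and the
# file names below cover the shells in use on the system.

# Print each history file under $1 (default /home) that has the group-read
# or other-read bit set. -type f skips a history file that has been
# replaced by a symlink to /dev/null, since nothing is stored there.
find_exposed_history() {
    home_root=${1:-/home}
    find "$home_root" -maxdepth 2 -type f \
        \( -name '.bash_history' -o -name '.sh_history' -o -name '.history' \) \
        \( -perm -040 -o -perm -004 \) -print 2>/dev/null
}

# Apply the chmod 600 from the quoted fix to every file reported above,
# so that files created before /etc/profile was changed are covered too.
tighten_history() {
    find_exposed_history "$1" | while IFS= read -r f; do
        chmod 600 "$f" && printf 'tightened %s\n' "$f"
    done
}

# Typical use (run as root):
#   find_exposed_history /home      # report only
#   tighten_history /home           # report and fix
```

The /etc/profile change only takes effect at the next login, so a one-off pass like this covers history files that already exist with loose permissions.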