[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] encrypt the bash history
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] encrypt the bash history
- From: "Zerial." <fernando@xxxxxxxxxx>
- Date: Fri, 04 Feb 2011 16:18:53 -0300
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 02/04/11 16:13, Valdis.Kletnieks@xxxxxx wrote:
> On Fri, 04 Feb 2011 16:06:06 -0300, "Zerial." said:
>> what is the best way to encrypt the bash_history file?
>> I try using crypt/decrypt with GPG when login/logout. It works, but not
>> safe enough.
>
> Explain what the threat model is, and why GPG isn't safe enough? It's kind of
> hard to recommend "best" when we don't understand what the criteria are...
>
The "way" is not safe enough. root can login as me (su - user) and
bash_history will be decrypted. I try to find any better way to crypt
and make unreadable the bash_history file from any other users,
including root.
- --
Zerial
Seguridad Informatica
GNU/Linux User #382319
Blog: http://blog.zerial.org
Jabber: zerial@xxxxxxxxxxxx
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk1MURwACgkQIP17Kywx9JRGXwCfToQUoK083yvMoDPcfPXSLQ9t
RpgAnjrhppTAnLB/ZAthZMpOvvMaGQ5o
=rm9l
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/