Date: Fri, 28 Aug 1998 22:10:53 -0700 (PDT) From: "Jan B. Koum " <jkb@best.com> To: "Jeffrey J. Mountin" <jeff-ml@mountin.net> Cc: security@FreeBSD.ORG Subject: Re: Shell history Message-ID: <Pine.BSF.4.02A.9808282208110.17138-100000@shell6.ba.best.com> In-Reply-To: <3.0.3.32.19980828235925.00b1b5ec@207.227.119.2>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 28 Aug 1998, Jeffrey J. Mountin wrote: >At 11:05 PM 8/27/98 -0700, Jan B. Koum wrote: >>On Fri, 28 Aug 1998, Warren Toomey wrote: >> >>>In article by Jan B. Koum: >>>> What if the user would be to switch shell or to install their own? >>>> I do not think one should depend on shell history to log all what >>>> user does. How would YOU monitor what your users are >>>> doing if you had to? >>> >>> accton(8), lastcomm(1) >>> >>> Warren >>> >> >> Once can just "cp" the executable. > > >But in order to 'cp' you must be able to read. > >Why have more permissions than needed? > > > > >Jeff Mountin - Unix Systems TCP/IP networking >jeff@mountin.net > Uhm.. I don't have to read. If I want to execute something and it is in my path, I just "cp `which vi` ./..." and then "./..." Taking away read permissions from directories such as /bin, /sbin and etc. is just security through obscurity IMHO unless you are doing some other things such as trusted path execution, chroot'ed environment, etc. -- Yan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.02A.9808282208110.17138-100000>