Zsh Mailing List Archive
Re: Security hole in history handling for root
- X-seq: zsh-workers 26393
- From: Richard Hartmann <richih.mailinglist@xxxxxxxxx>
- To: Zsh Workers <zsh-workers@xxxxxxxxxx>
- Subject: Re: Security hole in history handling for root
- Date: Wed, 21 Jan 2009 17:54:08 +0100
- In-reply-to: <2d460de70901010632q3f2c1156x36a8d1e8a4445dd4@xxxxxxxxxxxxxx>
- Mailing-list: contact zsh-workers-help@xxxxxxxxxx; run by ezmlm
- References: <2d460de70901010632q3f2c1156x36a8d1e8a4445dd4@xxxxxxxxxxxxxx>
Bump.
This is a potential security issue. If you only look at one
of my bumps, look at this one.
Richard
On Thu, Jan 1, 2009 at 15:32, Richard Hartmann
<richih.mailinglist@xxxxxxxxx> wrote:
> Hi all,
>
> zsh does not complain when loading from or writing
> to a history file which is not owned by root or 600.
>
> My suggestion is that a warning similar to compaudit's
> is introduced, both on loading and writing. People who
> share history between root and their normal users might
> appreciate an option to turn this off, but personally, I
> think that is bad style, anyway.
>
> For reference:
>
> roadwarrior ~ # l .zsh_history
> -rw-rw-rw- 1 richih richih 78515 2009-01-01 15:23 .zsh_history
> roadwarrior ~ # zsh
> roadwarrior ~ # mv .zsh zsh
> roadwarrior ~ # ln -s /home/richih/.zsh .zsh
> roadwarrior ~ # zsh
> zsh compinit: insecure directories, run compaudit for list.
> Ignore insecure directories and continue [y] or abort compinit [n]?
>
>
> Richard
>
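
The check proposed in the quoted message, sketched as an added example; it is not part of the thread and not zsh code. It is POSIX sh, assumes GNU coreutils `stat`, and `audit_histfile` is a hypothetical helper name. It generalizes "owned by root" to "owned by the user running the shell".

```shell
#!/bin/sh
# Added example: compaudit-style ownership/mode check for a history file.
# Assumes GNU coreutils stat (-L follows symlinks, -c selects a format).
# audit_histfile is a hypothetical helper name, not a zsh builtin.
#
# Usage, e.g. from a startup file before history is loaded:
#   audit_histfile "$HISTFILE" || echo "history file is not private" >&2

# audit_histfile FILE [EXPECTED_UID]
# Returns 0 when FILE is owned by EXPECTED_UID (default: the effective UID)
# and has no group/other permission bits; otherwise warns and returns 1.
audit_histfile() {
    file=$1
    want_uid=${2:-$(id -u)}
    rc=0

    # A history file that does not exist yet has nothing to audit.
    [ -e "$file" ] || return 0

    # -L: judge the file the shell would really read, so a history file
    # reached through a symlink (as in the transcript above) is checked
    # by its real owner and mode, not by the link.
    info=$(stat -L -c '%u %a' -- "$file") || return 1
    owner=${info% *}   # numeric uid of the owner
    mode=${info#* }    # octal permission bits, e.g. 600 or 666

    if [ "$owner" != "$want_uid" ]; then
        echo "audit_histfile: $file owned by uid $owner, expected $want_uid" >&2
        rc=1
    fi

    # The last two octal digits are the group and other bits; both must be 0.
    case $mode in
        0|*00) ;;
        *)
            echo "audit_histfile: $file has mode $mode, expected 600" >&2
            rc=1
            ;;
    esac

    return "$rc"
}
```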