Bug 1419
| Summary: | World readable bash history files | | |
|---|---|---|---|
| Product: | [Retired] Red Hat Linux | Reporter: | tarvin |
| Component: | rootfiles | Assignee: | Cristian Gafton <gafton> |
| Status: | CLOSED NOTABUG | Keywords: | Security |
| Severity: | medium | Priority: | high |
| Version: | 5.2 | CC: | pbrown |
| Hardware: | All | OS: | Linux |
| Doc Type: | Bug Fix | Last Closed: | 1999-04-09 21:31:12 UTC |
Description
tarvin
1999-03-04 09:36:01 UTC
Please read that article again... it talks about Cobalt misconfiguring their Cube product, this is not a problem with Red Hat Linux... To verify, add a new user (useradd foo), change to that user (su - foo), type in some commands (ls -l), log out, change to that user again (su - foo), look at .bash_history:

-rw------- 1 foo foo 6 Mar 15 02:27 .bash_history

As well as this quote from the article which you posted, but failed to read: "He was unable to find similar exposure on sites running the Linux OS that did not use the Cobalt RaQ."

/Seva

This problem does not exist in Red Hat Linux 5.9 beta, but I was able to determine that on a number of 5.2 boxes, ~root/.bash_history is world readable. However, I'm not sure it merits a security release. Cristian, what is your opinion of the situation?

This is not a security issue -- the commands that root runs are available in ps listings while they are running anyway.
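The manual check described in the thread (log in, then look at the mode of .bash_history) extended to every home directory under a given root, as an added example that is not part of the original bug report. The function names and the two-level search depth are assumptions.

```shell
#!/bin/sh
# Added example: audit .bash_history permissions under home directories.
# Function names and the search depth are assumptions, not from the bug report.

# Print the path of every regular .bash_history file, at most two levels
# below each given directory, that grants read access to group or other.
# Depth 2 covers both /root/.bash_history and /home/<user>/.bash_history.
# -type f skips symlinks (for example a history file linked to /dev/null).
find_exposed_history() {
    for base in "$@"; do
        [ -d "$base" ] || continue
        find "$base" -maxdepth 2 -type f -name .bash_history \
            \( -perm -040 -o -perm -004 \) -print 2>/dev/null
    done
}

# Count exposed files (one path per line).
count_exposed_history() {
    find_exposed_history "$@" | wc -l | tr -d ' '
}

# Clear all group/other bits on each exposed file; owner bits are untouched,
# so a 644 file ends up as the -rw------- shown in the thread.
fix_exposed_history() {
    find_exposed_history "$@" | while IFS= read -r f; do
        chmod go-rwx "$f" && printf 'fixed %s\n' "$f"
    done
}

# When run with directories as arguments, report in ls -l form.
if [ "$#" -gt 0 ]; then
    find_exposed_history "$@" | while IFS= read -r f; do ls -l "$f"; done
fi
```

Run it as root with the directories to search, for example `/home /root`, so that history files inside homes other users cannot traverse are still inspected.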