From: Jonathan Hankins
Subject: Re: If $HISTFILE is set to /dev/null and you execute more commands than $HISTFILESIZE, /dev/null is deleted.
Date: Sun, 1 Feb 2015 00:52:10 -0600

On 1/30/15 3:50 PM, Jonathan Hankins wrote:
> I agree about being able to use named pipes, etc. as HISTFILE. My concern
> is that I think there may be a code path that leads to rename() and
> open(O_TRUNC...) being called on something that isn't a regular file.
OK, say the history file is not a regular file. What negative scenarios
are possible if the history library opens that file with O_TRUNC
> Furthermore, I think that if someone can manipulate a user's HISTFILE
> setting maliciously, there may be a code path to cause an unwitting
> overwrite of a file whose name ends in hyphen.
If someone can manipulate a user's $HISTFILE setting, they can overwrite
any file the user has permission to write. It's always been thus.
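
An added example, not part of the original message and not code from bash or readline: one way to guard the rename()/open(O_TRUNC) path discussed above is to truncate a history file only when it is a regular file. The helper name hist_truncate_if_regular, its result enum and the temporary file are assumptions made for this illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

enum hist_result { HIST_TRUNCATED, HIST_SKIPPED_NOT_REGULAR, HIST_ERROR };

/* Hypothetical helper (not from bash or readline): empty the history file
 * at `path` only if it is a regular file. Devices, FIFOs and sockets are
 * left alone, so nothing is truncated or replaced via rename(). */
enum hist_result hist_truncate_if_regular(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return HIST_ERROR;
    if (!S_ISREG(st.st_mode))
        return HIST_SKIPPED_NOT_REGULAR;

    /* No O_TRUNC: the type is re-checked on the open descriptor first, which
     * closes the window between stat() and open(). O_NONBLOCK keeps open()
     * from hanging if a FIFO was swapped in meanwhile. */
    int fd = open(path, O_WRONLY | O_NONBLOCK);
    if (fd < 0)
        return HIST_ERROR;
    enum hist_result r = HIST_ERROR;
    if (fstat(fd, &st) == 0) {
        if (!S_ISREG(st.st_mode))
            r = HIST_SKIPPED_NOT_REGULAR;
        else if (ftruncate(fd, 0) == 0)   /* in place; the inode is kept */
            r = HIST_TRUNCATED;
    }
    close(fd);
    return r;
}

int main(void)
{
    char tmpl[] = "/tmp/histdemoXXXXXX";   /* constructed sample file */
    int fd = mkstemp(tmpl);
    if (fd < 0 || write(fd, "ls\n", 3) != 3)
        return 1;
    close(fd);
    printf("regular file: %d\n", hist_truncate_if_regular(tmpl));
    printf("/dev/null:    %d\n", hist_truncate_if_regular("/dev/null"));
    unlink(tmpl);
    return 0;
}
```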