bug-bash
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Feature Request re: syslog and bashhist

From: John McKown
Subject: Re: Feature Request re: syslog and bashhist
Date: Wed, 12 Aug 2015 08:00:24 -0500
On Wed, Aug 12, 2015 at 7:09 AM, Aharon Robbins <arnold@skeeve.com> wrote:
In article <mailman.8184.1439375524.904.bug-bash@gnu.org>,
aixtools  <aixtools@gmail.com> wrote:
>In short, having it included in ./configure simply give it much more
>visibility - and perhaps adoption.

Personally, I think that having bash send executed commands to syslog
is an invasion of privacy; I'm surprised such a feature is even there
at all...

​I can envision three scenarios. And only in one case would I consider it to be an invasion of privacy.

Case 1: I'm running bash on a system which I own & control. Since I control it, I can't consider it an invasion of my privacy. Of course, I could simply recompile BASH without the option. 

Case 2: I'm running bash on my employer's system​. Do I really have an expectation of privacy on my employer's system? Why would I? I argue this being, somewhat, in charge of some auditing on my employer's IT system. We basically log just about everything. But that is, at least supposed to be, explained as a condition of employment by HR. We are an insurance company and so have a lot of different states' regulations about data access.

Case 3: I'm a paying client on some sort of "hosting" computer. Here, I might have an expectation of privacy. But I'd want to read their terms of service to be sure. If they "reserve the right to do as they please" (so to speak), then I'd try to find another company. I guess that I'm thinking of something like Amazon or Google. Even in this case, if I have a "shell" account I could most likely download BASH and compile it with my own options, excluding the syslog logging, and run it instead of the hosting company's supplied version of BASH. Which, for all I know, could be "hacked" to do know who-knows-what (putting on my paranoid security admin hat).

 

My two cents,

​And I respect that.​

 

Arnold
--
Aharon (Arnold) Robbins                 arnold AT skeeve DOT com



--

Schrodinger's backup: The condition of any backup is unknown until a restore is attempted.

Yoda of Borg, we are. Futile, resistance is, yes. Assimilated, you will be.

He's about as useful as a wax frying pan.

10 to the 12th power microphones = 1 Megaphone

Maranatha! <><
John McKown
reply via email to
[Prev in Thread] Current Thread [Next in Thread]