bash history default setting is crazy insecure in Ubuntu - Ubuntu


Thread: bash history default setting is crazy insecure in Ubuntu

  1. Re: bash history default setting is crazy insecure in Ubuntu

    On Wed, 30 Jan 2008 05:23:45 +0000, Vitorio Okio wrote:

    > It is exactly as I stated. There is a file in /root directory named
    > ".bash_history", likewise there is another one in my home directory. I did
    > not do anything funny with my install either. This is a default
    > installation of Feisty Fawn that was upgraded to Gutsy Gibbon upon its
    > release using a standard procedure.
    >
    > So, I even do not really know when this file was created and when and
    > under what circumstances it was filled in. The only thing I can say for
    > sure - I've never logged in as root but used the console after "sudo -s" a
    > couple of times.
    >
    > The offending file had a long list of commands entered in bash. The
    > very first 2 lines at the top of the file were exactly as follows:
    >
    > password
    > MY_ROOT_PASSWORD_IN_PLAIN_TEXT
    > ...
    >
    > Then all bash history followed as normal.
    >
    > I simply could not type it in by mistake :-) since till today I never
    > opened the file. Even today I opened it only by pure chance, since I
    > started learning how to harden my system security, etc. and was
    > wandering around following some reading.
    >
    > I certainly dumped the contents of the file by running "sudo history -c
    > /root/.bash_history". But the question was how could it possibly
    > happen?
    >
    > In a certain sense it looks quite funny. Bash is smart enough not to
    > display my password while I'm typing it in a console, when requested
    > after sudo. But then it gets dumb enough to store it in plain text in
    > the history file? I just cannot believe it.
    >
    > Well, since the majority states it is impossible to be true, could it
    > be an indication of my system having somehow been compromised? Or am I
    > getting paranoid here?


    I wouldn't think your box has been compromised. I think you should look
    long and hard at your recent actions. Are you definitely sure you didn't
    type your password in plain text?

    --

    "Every age and generation must be as free to act for itself, in all
    cases, as the ages and generations which preceded it. Man has no
    property in man, neither has any generation a property in the
    generations which are to follow." - Thomas Paine


  2. Re: bash history default setting is crazy insecure in Ubuntu

    On Wed, 30 Jan 2008 04:52:16 +0100, firebrand wrote:

    > On Wed, 30 Jan 2008 03:55:04 +0100, Vitorio Okio wrote:
    >
    >> Being a newbie I've just found that bash keeps my root password in
    >> PLAIN TEXT in the /root/.bash_history file. :-(
    >>
    >> It just does it by default! And I've never logged in as root BTW. Thus
    >> it looks like it does it whenever I execute "sudo -s"? Otherwise I
    >> cannot understand how it happened to save it. I cannot believe it
    >> would do it just on sudo. This would make it even crazier.

    >
    > I'm really puzzled by what you're saying. In my /root directory, there
    > is no .bash_history. And I haven't done anything strange installation-
    > wise.
    > So how come *you* have a /root/.bash_history by default and I have *no*
    > /root/.bash_history by default?
    >
    > I checked /root/.bashrc and /root/.profile, and neither contains a
    > password.
    >
    > Hmmm...
    >
    >> IMHO it is just crazy insecure, considering any new-to-Linux user finds
    >> it out only after a considerable amount of time spent wandering around
    >> and learning.
    >>
    >> How to turn this off? I do not want to keep running "history - c
    >> .bash_history" all the time. Creating a cron job for it does not look
    >> any better to me either.
    >>
    >> Any suggestions, please?

    >
    > Since my system seems to get on okay without a /root/.bash_history, how
    > about you rm it? Then you won't have to worry about the password
    > showing up in it. After all, what do you need /root/.bash_history for?
    > Just rm the thing.


    I'm still dying to know, do all /root directories contain a
    /root/.bash_profile? Cos it doesn't here, which suggests: ****in r00d
    losers



    --

    "I'm not bad, I'm just drawn that way." - Jessica Rabbit


  3. Re: bash history default setting is crazy insecure in Ubuntu

    In article ,
    "Vitorio Okio" wrote:
    > The offending file had a long list of commands entered in bash. The
    > very first 2 lines at the top of the file were exactly as follows:
    >
    > password
    > MY_ROOT_PASSWORD_IN_PLAIN_TEXT
    > ...
    >
    > Then all bash history followed as normal.
    >
    > I simply could not type it in by mistake :-) since till today I never
    > opened the file. Even today I opened it only by pure chance, since
    > I started learning how to harden my system security, etc. and was
    > wandering around following some reading.


    You typed "password". Since there is no "password" command (did you
    mean to type "passwd"?), bash gave you an error, which you overlooked.
    Evidently, whatever this "password" command is you thought you were
    going to run, you expected it to ask you for your password, so you typed
    it, not noticing you were at a command prompt still.

    Hopefully, your password does not match a command, so you got another
    error. (This is a good illustration of why your password should not be
    "rm -rf /").

    If you are like most of us (who hasn't accidentally typed a password at
    the wrong or a nonexistent prompt?), you realized your mistake, cleared
    the screen, and tried again, without thinking about the fact that typing
    the password at a bash prompt puts it in the history.

    --
    --Tim Smith

  4. Re: bash history default setting is crazy insecure in Ubuntu

    In article , NoStop
    wrote:
    > >> Nope, only valid commands are recorded in the .bash_history file. Type a
    > >> command where it doesn't exist and the program can't be found and will
    > >> not be recorded. :-)

    ....
    > >
    > > In another post on this subject I demonstrate how my ubuntu does do what
    > > you say it won't do.
    > >
    > > stonerfish

    >
    > Doesn't do it here. Sorry. Don't know why it does on your system? If a
    > command is not found, it isn't recorded in my .bash_history file.


    Check again. I suspect you overlooked the fact that output to
    .bash_history is buffered. Do a command, check history, and it won't be
    there. Exit that shell and start another, then check, and that first
    command will then be there, as exiting the first shell made it flush its
    buffers.

    --
    --Tim Smith
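    The behaviour Tim Smith describes in the last two posts (a failed command such as "password" is still added to the history list, and the list only reaches .bash_history when the shell flushes it) can be reproduced without touching a real history file. The script below is an added example, not part of the thread: it runs a throwaway bash whose HISTFILE points at a temp file, feeds it the two lines from the OP's post (the page's own MY_ROOT_PASSWORD_IN_PLAIN_TEXT placeholder stands in for the secret), and counts the lines on disk before and after the flush. Because a non-interactive bash does not flush on exit, `history -w` is called explicitly to stand in for the exit-time write an interactive shell performs.

```shell
#!/bin/sh
# Added example for the thread above; all inputs are constructed.

# Types a non-existent command and a placeholder secret into a private bash,
# then shows that nothing is on disk until the history list is flushed.
run_history_demo() {
  histfile=$(mktemp) || return 1
  HISTFILE="$histfile" bash -s <<'EOF' 2>/dev/null
set -o history   # history is off by default in a non-interactive shell
password
MY_ROOT_PASSWORD_IN_PLAIN_TEXT
echo "lines on disk before flush: $(wc -l < "$HISTFILE" | tr -d ' ')"
history -w       # an interactive shell does this for you when it exits
echo "lines on disk after flush: $(wc -l < "$HISTFILE" | tr -d ' ')"
EOF
  echo "--- contents of $histfile ---"
  cat "$histfile"          # the failed "password" line and the secret are both there
  rm -f "$histfile"
}

# Same setup, but the in-memory list is cleared before the flush, so the
# secret never reaches the file. Clearing the file afterwards, as the OP did,
# only helps once the damage is already on disk.
run_history_scrub_demo() {
  histfile=$(mktemp) || return 1
  HISTFILE="$histfile" bash -s <<'EOF' 2>/dev/null
set -o history
password
MY_ROOT_PASSWORD_IN_PLAIN_TEXT
history -c       # drop the whole in-memory list (including the secret) ...
history -w       # ... before anything is written to HISTFILE
EOF
  cat "$histfile"
  rm -f "$histfile"
}

run_history_demo
echo "--- after scrubbing before the flush ---"
run_history_scrub_demo
```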

  5. Re: bash history default setting is crazy insecure in Ubuntu

    Vitorio Okio wrote:
    >
    > It is exactly as I stated. There is a file in /root directory
    > named ".bash_history", likewise there is another one in my home
    > directory. I did not do anything funny with my install either.
    > This is a default installation of Feisty Fawn that was upgraded
    > to Gutsy Gibbon upon its release using a standard procedure.
    >
    > So, I even do not really know when this file was created and when
    > and under what circumstances it was filled in. The only thing I
    > can say for sure - I've never logged in as root but used the console
    > after "sudo -s" a couple of times.
    >
    > The offending file had a long list of commands entered in bash.
    > The very first 2 lines at the top of the file were exactly as
    > follows:
    >
    > password
    > MY_ROOT_PASSWORD_IN_PLAIN_TEXT
    > ...
    >
    > Then all bash history followed as normal.


    I agree you should try to track this down. One further possibility
    - someone has discovered a way to launch that operation. It would
    probably have to be someone with hard access to your machine, since
    that .bash_session file is normally not accessible. Maybe you
    should check the permissions on the file.

    --
    [mail]: Chuck F (cbfalconer at maineline dot net)
    [page]:
    Try the download section.



    --
    Posted via a free Usenet account from http://www.teranews.com


  6. Re: bash history default setting is crazy insecure in Ubuntu

    CBFalconer writes:

    > Vitorio Okio wrote:
    >>
    >> It is exactly as I stated. There is a file in /root directory
    >> named ".bash_history", likewise there is another one in my home
    >> directory. I did not do anything funny with my install either.
    >> This is a default installation of Feisty Fawn that was upgraded
    >> to Gutsy Gibbon upon its release using a standard procedure.
    >>
    >> So, I even do not really know when this file was created and when
    >> and under what circumstances it was filled in. The only thing I
    >> can say for sure - I've never logged in as root but used the console
    >> after "sudo -s" a couple of times.
    >>
    >> The offending file had a long list of commands entered in bash.
    >> The very first 2 lines at the top of the file were exactly as
    >> follows:
    >>
    >> password
    >> MY_ROOT_PASSWORD_IN_PLAIN_TEXT
    >> ...
    >>
    >> Then all bash history followed as normal.

    >
    > I agree you should try to track this down.


    Phew. That's a massive vote of support! (Even though there is nothing to
    track down).

    > One further possibility


    To what?

    > - someone has discovered a way to launch that operation.


    What operation?

    > It would
    > probably have to be someone with hard access to your machine, since
    > that .bash_session file is normally not accessible. Maybe you
    > should check the permissions on the file.


    If they had "hard access" and logged in as root, what exactly would that
    give them?

    There is another possibility. You don't have a clue and it's working as
    designed. The OP simply made a mistake and entered a command called
    "password".

    >
    > --
    > [mail]: Chuck F (cbfalconer at maineline dot net)
    > [page]:
    > Try the download section.


    Despite constant reminders, you're STILL posting with two signatures.

  7. Re: bash history default setting is crazy insecure in Ubuntu

    On Wed, 30 Jan 2008 05:23:45 +0000, Vitorio Okio wrote:

    > It is exactly as I stated. There is a file in /root directory named
    > ".bash_history", likewise there is another one in my home directory. I
    > did not do anything funny with my install either. This is a default
    > installation of Feisty Fawn that was upgraded to Gutsy Gibbon upon its
    > release using a standard procedure.
    >
    > So, I even do not really know when this file was created and when and
    > under what circumstances it was filled in. The only thing I can say
    > for sure - I've never logged in as root but used the console after "sudo -s"
    > a couple of times.
    >
    > The offending file had a long list of commands entered in bash. The
    > very first 2 lines at the top of the file were exactly as follows:
    >
    > password
    > MY_ROOT_PASSWORD_IN_PLAIN_TEXT
    > ...
    >


    'password' is not a command. Perhaps you meant to type "passwd" (the
    command to change your password)? If you typed 'password', .bash_history
    would record it as a (failed) command, followed by the also-failed command
    you typed entering your root password.

    --
    MarkA
    (My OTHER sig line is clever)


  8. Re: bash history default setting is crazy insecure in Ubuntu

    On Wed, 30 Jan 2008 18:03:16 -0800, Tim Smith wrote:

    > In article ,
    > "Vitorio Okio" wrote:
    >> The offending file had a long list of commands entered in bash. The
    >> very first 2 lines at the top of the file were exactly as follows:
    >>
    >> password
    >> MY_ROOT_PASSWORD_IN_PLAIN_TEXT
    >> ...
    >>
    >> Then all bash history followed as normal.
    >>
    >> I simply could not type it in by mistake :-) since till today I never
    >> opened the file. Even today I opened it only by pure chance, since
    >> I started learning how to harden my system security, etc. and was
    >> wandering around following some reading.

    >
    > You typed "password". Since there is no "password" command (did you
    > mean to type "passwd"?), bash gave you an error, which you overlooked.
    > Evidently, whatever this "password" command is you thought you were
    > going to run, you expected it to ask you for your password, so you typed
    > it, not noticing you were at a command prompt still.
    >
    > Hopefully, your password does not match a command, so you got another
    > error. (This is a good illustration of why your password should not be
    > "rm -rf /").
    >


    How did you guess my password? That's creepy!

    --
    MarkA
    (My OTHER sig line is clever)

