From owner-freebsd-security  Fri Aug 28 22:12:02 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id WAA11239
          for freebsd-security-outgoing; Fri, 28 Aug 1998 22:12:02 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from shell6.ba.best.com (shell6.ba.best.com [206.184.139.137])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id WAA11234
          for <security@FreeBSD.ORG>; Fri, 28 Aug 1998 22:12:01 -0700 (PDT)
          (envelope-from jkb@best.com)
Received: from localhost (jkb@localhost)
	by shell6.ba.best.com (8.9.0/8.9.0/best.sh) with SMTP id WAA17402;
	Fri, 28 Aug 1998 22:10:53 -0700 (PDT)
X-Authentication-Warning: shell6.ba.best.com: jkb owned process doing -bs
Date: Fri, 28 Aug 1998 22:10:53 -0700 (PDT)
From: "Jan B. Koum " <jkb@best.com>
X-Sender: jkb@shell6.ba.best.com
To: "Jeffrey J. Mountin" <jeff-ml@mountin.net>
cc: security@FreeBSD.ORG
Subject: Re: Shell history 
In-Reply-To: <3.0.3.32.19980828235925.00b1b5ec@207.227.119.2>
Message-ID: <Pine.BSF.4.02A.9808282208110.17138-100000@shell6.ba.best.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, 28 Aug 1998, Jeffrey J. Mountin wrote:

>At 11:05 PM 8/27/98 -0700, Jan B. Koum wrote:
>>On Fri, 28 Aug 1998, Warren Toomey wrote:
>>
>>>In article by Jan B. Koum:
>>>> 	What if the user would be to switch shell or to install their own?
>>>> 	I do not think one should depend on shell history to log all what
>>>> 	user does. How would YOU monitor what your users are
>>>> 	doing if you had to?
>>>
>>>	accton(8), lastcomm(1)
>>>
>>>		Warren
>>>
>>	
>>	Once can just "cp" the executable.
>
>
>But in order to 'cp' you must be able to read.
>
>Why have more permissions than needed?
>
>
>
>
>Jeff Mountin - Unix Systems TCP/IP networking
>jeff@mountin.net
>
	Uhm.. I don't have to read. If I want to execute something and it
is in my path, I just "cp `which vi` ./..." and then "./..."
	Taking away read permissions from directories such as /bin, /sbin
and etc. is just security through obscurity IMHO unless you are doing some
other things such as trusted path execution, chroot'ed environment, etc.

-- Yan


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message