Package: bash Version: 4.4-5 Severity: normal Dear Maintainer,
I think, history -c does not work as it should. Maybe it is an error by design? Do this: 1. login as normal user 2. become root with "su -" 3. delete history with "history -c" 4. Check history, history is gone 5. logout from root by "CTL + D" or "exit" 6. relogin as root with "su -" 7. Check history, voila, it appears again. IMO this could be a security hole, too, when an attacker gains root and can get further informations out of the history. I remember, history -c deleted the WHOLE history in earlier times. Thank you for reading this and thinking this over. Best regards Hans -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (500, 'testing'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 4.14.0-2-686-pae (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE= (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages bash depends on: ii base-files 10 ii dash 0.5.8-2.5 ii debianutils 4.8.4 ii libc6 2.26-2 ii libtinfo5 6.0+20171125-1 Versions of packages bash recommends: ii bash-completion 1:2.1-4.3 Versions of packages bash suggests: pn bash-doc <none> -- no debconf information
