https://bugzilla.wikimedia.org/show_bug.cgi?id=50248

--- Comment #8 from Marc A. Pelletier <m...@uberbox.org> ---
.bash_history records the commands you typed at the shell prompt that were
actually submitted; recording the stream would include everything sent and/or
received, including keystrokes to applications, typed passwords, etc.  For
instance, if you mistakenly start to type a password in your ssh session
because your focus was on the wrong window then backspace over it,
.bash_history would not record it, log_input and log_output would.

Another difference is that you can manage (delete, edit, verify) your
.bash_history, whereas logged I/O is neither visible nor under your control.

The logged I/O would only be available to roots; but much of that is stuff that
I wouldn't want to exist on disk even granted perfect trust in everyone
involved.  An accident that leaves /var/log/sudo-io/ accessible or a security
flaw that allows escalation would expose that data -- on the instance or even
the host.

Key recording is just too much of an exposure, especially since the only
putative benefit is the very marginal convenience of being able to start a
screen session after sudo rather than just before it.

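As an added example (not part of the original comment, and not Wikimedia's configuration), the following audit sketch finds the sudoers lines that turn on the `log_input` / `log_output` recording discussed above and checks whether the I/O log directory is readable beyond root. The sample sudoers text and the function names are constructed for illustration; `/var/log/sudo-io` is the path named in the comment.

```python
import os
import re
import stat

# Constructed sample sudoers content (not taken from the bug report).
SAMPLE_SUDOERS = """\
# constructed example
Defaults env_reset, log_output
Defaults:%ops log_input
Defaults !log_input
alice ALL=(ALL) LOG_INPUT: /bin/bash
bob ALL=(ALL) NOLOG_INPUT: NOLOG_OUTPUT: /usr/bin/screen
"""

DEFAULTS_RE = re.compile(r"^Defaults\S*\s+(.*)$")
# Match LOG_INPUT:/LOG_OUTPUT: tags but not their NOLOG_ counterparts.
TAG_RE = re.compile(r"(?<![A-Z_])(LOG_INPUT|LOG_OUTPUT)\s*:")


def io_logging_findings(sudoers_text):
    """Return (line number, setting) for every line that enables sudo I/O logging.

    Simplification: lines starting with '#' are skipped, so include
    directives are not followed, and Defaults precedence is not evaluated.
    """
    findings = []
    for lineno, raw in enumerate(sudoers_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = DEFAULTS_RE.match(line)
        if m:
            for param in (p.strip() for p in m.group(1).split(",")):
                if param in ("log_input", "log_output"):
                    findings.append((lineno, param))
        else:
            for tag in TAG_RE.findall(line):
                findings.append((lineno, tag.lower()))
    return findings


def iolog_dir_exposed(path="/var/log/sudo-io"):
    """True if the I/O log directory grants any group or other permission."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return bool(mode & (stat.S_IRWXG | stat.S_IRWXO))


if __name__ == "__main__":
    for lineno, setting in io_logging_findings(SAMPLE_SUDOERS):
        print(f"line {lineno}: {setting} enabled")
```

Each reported line is a place where typed input or terminal output would be written to disk; a `True` from `iolog_dir_exposed` corresponds to the accidental-exposure case the comment describes.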