Re: executing my programs

Shawn Bayern (shawn.bayern@yale.edu)
Wed, 13 Jan 1999 23:33:04 -0500 (EST)

On Thu, 14 Jan 1999, Michael Osier wrote:

> are ".history" files set group/world readable on pantheon? if so, why
> wouldn't a cracker just look through someone's history file and shell
> configuration file to figure out what's vulnerable?

User directories are set to be private, by default, on both the Zoo and
the Pantheon. The default umask is 077 on Pantheon, making all files that
users create (including, possibly, .history) private (by default).

On the Zoo, the default umask was decided by policy to be 022. So I set
savehist=0 (which prevents .history files from being created) in the
systemwide startup scripts, just to be safe. It's really funny (and maybe
a little sick) that we both specifically thought of this issue :)

Shawn
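
An audit for the exposure discussed in this thread, added here as an example and not part of the original message: it reports history files that group or other users can actually read, which requires both search permission on the home directory and read permission on the file. The function names, the inclusion of .bash_history, and the sample layout are assumptions; only the home directory and file mode bits are checked, not parent directories or ACLs.

```shell
#!/bin/sh
# Added example: find history files readable by group/other under a home base.
# HISTORY_NAMES is an assumption; the message mentions only .history.
HISTORY_NAMES=".history .bash_history"

# perm_char PATH N -> Nth character of the ls -ld mode string (1 = file type)
perm_char() {
    ls -ld "$1" | cut -c"$2"
}

# searchable CHAR -> true if an execute-position char grants directory search
searchable() {
    case "$1" in x|s|t) return 0 ;; *) return 1 ;; esac
}

# audit_history BASE -> prints "EXPOSED <group|other> <path>" per finding
audit_history() {
    base=$1
    for home in "$base"/*/; do
        [ -d "$home" ] || continue
        home=${home%/}
        for name in $HISTORY_NAMES; do
            f="$home/$name"
            [ -f "$f" ] || continue
            # group: search bit on the home directory and read bit on the file
            if searchable "$(perm_char "$home" 7)" && [ "$(perm_char "$f" 5)" = r ]; then
                echo "EXPOSED group $f"
            fi
            # other: same check against the "other" permission triplet
            if searchable "$(perm_char "$home" 10)" && [ "$(perm_char "$f" 8)" = r ]; then
                echo "EXPOSED other $f"
            fi
        done
    done
}

# make_sample_homes BASE -> constructed layout, one home per case in the thread
make_sample_homes() {
    base=$1
    ( umask 022; mkdir -p "$base/zoo_user"; : > "$base/zoo_user/.history" )
    ( umask 077; mkdir -p "$base/pantheon_user"; : > "$base/pantheon_user/.history" )
    # file created under umask 022, but the home directory itself is private
    ( umask 022; mkdir -p "$base/private_home"; : > "$base/private_home/.history" )
    chmod 700 "$base/private_home"
}

# Usage: sh audit.sh /home
if [ $# -gt 0 ]; then audit_history "$1"; fi
```

Only the umask 022 home is reported; the umask 077 home and the private home directory both keep .history unreachable even when the file's own mode is 644.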