Last active October 26, 2025 09:17
(WITHDRAWN) User command history logging robustness test #1
```
$ stat /var/log/history
File: /var/log/history
Size: 0 Blocks: 0 IO Block: 4096 directory
Device: 0,200 Inode: 73657901 Links: 1
Access: (0777/drwxrwxrwx) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2025-10-26 08:02:20.975866783 +0000
Modify: 2025-10-26 08:02:20.975866783 +0000
Change: 2025-10-26 08:02:20.975866783 +0000
Birth: 2025-10-26 07:59:38.743618000 +0000
$ rm -r /var/log/history
rm: cannot remove '/var/log/history': Permission denied
$ rm -rf /var/log/history/user
root@053d71500944:/# mkdir /var/log/history/ubuntu
root@053d71500944:/# chown ubuntu:ubuntu /var/log/history/ubuntu/
root@053d71500944:/# chmod 300 /var/log/history/ubuntu
root@053d71500944:/# su - user
$ stat /var/log/history/ubuntu
File: /var/log/history/ubuntu
Size: 0 Blocks: 0 IO Block: 4096 directory
Device: 0,200 Inode: 73658207 Links: 1
Access: (0300/d-wx------) Uid: ( 1000/ ubuntu) Gid: ( 1000/ ubuntu)
Access: 2025-10-26 08:06:27.951613348 +0000
Modify: 2025-10-26 08:06:27.951613348 +0000
Change: 2025-10-26 08:06:54.583694373 +0000
Birth: 2025-10-26 08:06:27.951613348 +0000
$ rm -rf /var/log/history/ubuntu
$ echo $?
0
```
UPDATE: This PoC fails to replicate the typical situation where the other user's history directory isn't empty; in that case, the directory removal operation will fail with a "Permission denied" error.
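A defender-side check for the condition in the transcript, as an added example that is not part of the gist: it reports whether a history log root lets other accounts unlink entries (group/other-writable with no sticky bit) and which per-user directories are empty, the state in which `rm -rf` returned 0 above. The function name `audit_history_root` and the output labels are hypothetical, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example, not part of the gist. Audits a per-user history log root such
# as the /var/log/history directory in the transcript (GNU stat assumed).
# Prints one line per finding; returns 0 when nothing is removable, 1 otherwise.
audit_history_root() {
    root=$1
    raw=$(stat -c '%a' "$root") || return 2   # e.g. 777 or 1777
    m=$((0$raw))                              # parse the mode as octal
    # Sticky bit set, or no group/other write bit: other users cannot unlink
    # entries they do not own, so the removal in the transcript is blocked.
    if [ $((m & 01000)) -ne 0 ] || [ $((m & 0022)) -eq 0 ]; then
        echo "OK $root"
        return 0
    fi
    findings=0
    for d in "$root"/*/; do
        [ -d "$d" ] || continue
        d=${d%/}
        if ! entries=$(ls -A "$d" 2>/dev/null); then
            echo "UNKNOWN $d (cannot list it; run the audit as root)"
        elif [ -z "$entries" ]; then
            # Same state as /var/log/history/ubuntu in the transcript.
            echo "REMOVABLE $d"
            findings=$((findings + 1))
        else
            # The case the UPDATE describes: rm fails with "Permission denied".
            echo "NONEMPTY $d"
        fi
    done
    [ "$findings" -eq 0 ]
}

# Usage: sh audit.sh /var/log/history
if [ "$#" -gt 0 ]; then
    audit_history_root "$1"
fi
```

Setting the sticky bit on the parent (`chmod 1777`, as on `/tmp`) makes the audit print `OK`, because only an entry's owner, the parent's owner, or root can then remove it.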