Posted Dec 2, 2011 17:16 UTC (Fri) by jimparis (subscriber, #38647)
In reply to: DM-Steg by gmaxwell
Parent article: DM-Steg
> Then you just need to run "<space>dm-stegmountstuff; qemu-kvm --hda /dev/mapper/whatever" and you'll be fairly close to leak free, though some care will be needed to make sure nothing from kvm goes into syslog (and so long as you don't slip up, forget the space, and let that into your shell history we could make this better if there was a default list of "cryptographic commandlines" which were automatically excluded from the shell history).
I've never heard of that "leading space prevents it from ending up in your history" -- it doesn't work on my shell (bash 4.1.5).
Of course, leaving it out of your history is just one problem.
If you're trying to hide the fact that you've run kvm, you'll also have to make sure none of it gets swapped, things like the atime of the kvm executable or any loaded libraries don't get touched, the kvm window doesn't end up in your saved desktop session, etc.
Posted Dec 2, 2011 18:00 UTC (Fri) by mathstuf (subscriber, #69389)
In zsh it is "setopt histignorespace". I don't see an equivalent in bash.
DM-Steg
Posted Dec 2, 2011 18:01 UTC (Fri) by nybble41 (subscriber, #55106)
> I've never heard of that "leading space prevents it from ending up in your history" -- it doesn't work on my shell (bash 4.1.5).
You have to set HISTCONTROL=ignorespace to get that behavior. It's not the default.
DM-Steg
Posted Dec 2, 2011 18:28 UTC (Fri) by gmaxwell (subscriber, #30048)
> I've never heard of that "leading space prevents it from ending up in your history" -- it doesn't work on my shell (bash 4.1.5).
Ah! set HISTCONTROL=ignorespace (I've had ignoreboth, which ignores space-prefixed and duplicates, for so long that I thought it was a default).
> If you're trying to hide the fact that you've run kvm, you'll also have to make sure none of it gets swapped,
Again, I was making assumptions from my own configuration. But it's a hard thing... (In my case "swap /dev/sda3 /dev/urandom swap,cipher=aes-lrw-plain,size=256" in my crypttab makes my swap completely ephemeral, I run noatime on my systems, don't use a session managing desktop environment).
It was foolish of me to make it sound so simple; it's not, but nor is it insurmountable.
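Added example, not part of any comment in this thread: a small shell check for three of the leak sources discussed above (shell history, swap, atime updates). The function names are hypothetical and the sample inputs are constructed; the crypttab line is the one quoted in the last comment.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample inputs are constructed.

# Succeeds if a HISTCONTROL value keeps space-prefixed commands out of history.
# HISTCONTROL is a colon-separated list; ignoreboth implies ignorespace.
histcontrol_ignores_space() {
    case ":$1:" in
        *:ignorespace:*|*:ignoreboth:*) return 0 ;;
        *) return 1 ;;
    esac
}

# Reads crypttab text on stdin; prints mappings that are re-keyed from a
# random device on every boot and carry the "swap" option (ephemeral swap).
ephemeral_swap_targets() {
    awk 'NF >= 4 && $1 !~ /^#/ && ($3 == "/dev/urandom" || $3 == "/dev/random") {
        n = split($4, opts, ",")
        for (i = 1; i <= n; i++) if (opts[i] == "swap") { print $1; break }
    }'
}

# Reads /proc/mounts-style text on stdin; prints mount points of
# device-backed filesystems that are not mounted noatime.
atime_updating_mounts() {
    awk '$1 ~ /^\// {
        n = split($4, opts, ","); quiet = 0
        for (i = 1; i <= n; i++) if (opts[i] == "noatime") quiet = 1
        if (!quiet) print $2
    }'
}

# Constructed inputs. On a real system, pass "$HISTCONTROL" from the
# interactive shell (it is normally not exported to scripts) and feed
# /etc/crypttab and /proc/mounts to the two filters.
for value in ignoreboth ignoredups:erasedups; do
    if histcontrol_ignores_space "$value"; then
        echo "HISTCONTROL=$value: space-prefixed commands are not saved"
    else
        echo "HISTCONTROL=$value: space-prefixed commands ARE saved"
    fi
done
printf '%s\n' 'swap /dev/sda3 /dev/urandom swap,cipher=aes-lrw-plain,size=256' \
    'home /dev/sda4 none luks' | ephemeral_swap_targets
printf '%s\n' '/dev/sda1 / ext4 rw,noatime 0 0' \
    '/dev/sda2 /home ext4 rw,relatime 0 0' | atime_updating_mounts
```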