From: Todd C. Miller (Todd.Millercourtesan.com)
Date: Tue Mar 20 2001 - 18:12:24 CST
As reported elsewhere, a patch is now available that forces readline
history files to be created with a restrictive file mode
(readable/writable only by owner). This matches the behavior of
the current version of readline (readline 4.1, which will ship with
The readline library shipped with OpenBSD allows history files
to be created with a permissive umask. This can lead to the leakage
of sensitive information in applications that use passwords and
the like during user interaction (one such application is mysql).
Patch for OpenBSD 2.8:
Patch for OpenBSD 2.7:
The 2.7 patch also includes a change made after 2.7 was released.
Previously, if the HOME environment variable was not set, readline
would read from / write to a history file in the current working directory.
The new behavior is to disable the history file if HOME is not set.
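
The two behaviours described above (owner-only history files, and no history file when HOME is unset), shown as an added C example; it is not the OpenBSD patch or readline's own code, and the function names and file names are hypothetical.

```c
/* Added example: hypothetical helpers, not OpenBSD's or readline's code. */
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Build "$HOME/<name>"; return -1 (history disabled) if HOME is unset. */
int history_path(char *buf, size_t len, const char *name)
{
    const char *home = getenv("HOME");
    if (home == NULL || *home == '\0')
        return -1;          /* never fall back to the current directory */
    int n = snprintf(buf, len, "%s/%s", home, name);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Permissive creation: fopen() asks for 0666, limited only by the umask. */
int write_history_permissive(const char *path, const char *text)
{
    FILE *fp = fopen(path, "w");
    if (fp == NULL)
        return -1;
    int rc = (fputs(text, fp) == EOF) ? -1 : 0;
    return (fclose(fp) == EOF) ? -1 : rc;
}

/* Restrictive creation: owner read/write only, whatever the umask is. */
int write_history_restrictive(const char *path, const char *text)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);
    if (fd == -1)
        return -1;
    /* open() ignores the mode for an existing file, so tighten that too. */
    int rc = fchmod(fd, S_IRUSR | S_IWUSR);
    size_t len = strlen(text);
    if (rc == 0 && write(fd, text, len) != (ssize_t)len)
        rc = -1;
    return (close(fd) == -1) ? -1 : rc;
}

/* Permission bits of a file, or -1 if it cannot be stat()ed. */
int file_mode(const char *path)
{
    struct stat st;
    return (stat(path, &st) == -1) ? -1 : (int)(st.st_mode & 0777);
}
```

Running `ls -l` on existing history files in a home directory shows whether any were created before the fix and still need a `chmod 600`.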