oss-sec mailing list archives
Clarification: rbash escape via history built-ins
From: cyber security <cs7778503 () gmail com>
Date: Tue, 27 Jan 2026 15:33:23 -0800
Summary:
Restricted Bash (rbash) blocks output redirection to prevent file modification. However, history-writing built-ins (`history -w`, `history -a`) can overwrite startup files such as .profile if the restricted user is left in $HOME. This allows PATH resets and escape from confinement.

Steps to reproduce:
1. Start rbash in $HOME with writable .profile.
2. Run: history -w .profile
3. On next login, .profile is sourced, PATH is reset, confinement is broken.

Discussion:
The Bash manual notes administrators must configure restricted environments carefully (unwritable $HOME, different working directory, restricted PATH). However, this particular escape vector is not documented in common guides (e.g., https://0xffsec.com/handbook/shells/restricted-shells/).

Recommendation:
While consistent with current design, administrators should be aware that history-writing built-ins can modify files in the current directory. Restricted environments should ensure $HOME is unwritable or place users in a safe subdirectory.

References:
GNU Bash manual: https://www.gnu.org/software/bash/manual/html_node/The-Restricted-Shell.html

--
RelunSec
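
An added example, not part of the original post: a shell audit for the configuration the message recommends, reporting whether a restricted account's home directory or bash startup files are writable. The function names and the `STARTUP_FILES` list are illustrative assumptions; the post itself names only .profile.

```bash
#!/bin/sh
# Added example: audit a restricted account's home for writable startup files.
# audit_restricted_home, is_writable_by and STARTUP_FILES are hypothetical
# names chosen for this example; they are not part of bash.

# Files that a login or interactive bash may source from $HOME.
STARTUP_FILES=".profile .bash_profile .bash_login .bashrc"

# is_writable_by TARGET USER: true if the mode bits let USER write TARGET.
# Mode bits are read with find(1) instead of `test -w`, so the result does not
# depend on who runs the audit (root passes `test -w` on almost anything).
# Group/other write bits are flagged conservatively, whatever the membership.
is_writable_by() {
    target=$1; owner=$2
    [ -n "$(find -H "$target" -prune -user "$owner" -perm -200 2>/dev/null)" ] && return 0
    [ -n "$(find -H "$target" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

# audit_restricted_home HOME_DIR USER
# Prints one finding per line; returns 1 if anything was found, 0 if clean.
audit_restricted_home() {
    home=$1; user=$2; found=0
    # A writable directory lets the user create a startup file that is missing.
    if is_writable_by "$home" "$user"; then
        echo "FINDING: $home is writable by $user"
        found=1
    fi
    for f in $STARTUP_FILES; do
        if [ -e "$home/$f" ] && is_writable_by "$home/$f" "$user"; then
            echo "FINDING: $home/$f is writable by $user"
            found=1
        fi
    done
    return "$found"
}

# Stand-alone use: sh audit.sh /home/restricted_user restricted_user
if [ "$#" -eq 2 ]; then
    audit_restricted_home "$1" "$2"
fi
```

A clean result means only that these paths are not writable through their mode bits; the restricted PATH and working directory still need the review the Bash manual describes.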
