Re: Preventing a user login

wingel@hog.ctrl-c.liu.se
26 Sep 1999 22:48:12 -0000

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Nat Lanza: "Re: [Q]: Linux and real device drivers"
Previous message: Andrea Arcangeli: "Re: Linux 2.2.x ISN Vulnerability"

In article <E11VMnL-0007BT-00@the-village.bc.nu> you write:
>Using /bin/true is bad practice. Many shells implement it as a script.
>Telnet allows environment variables to be passed when does often allow
>/bin/true shell users to execute commands.
>
>Use either
> /dev/null
>
>or very handily use
>
> /bin/passwd
>
>Then users can login with telnet, but only to set passwords.

This can lead to holes anyway, because not all ways of logging into a
system use the shell from /etc/passwd. For example, xdm usually runs
.Xsession, and at least with older RedHat installations it was possible
to use "X -query victim" and get a window manager with an Emacs in
the menus and the rest is easy.

/Christer

-- If it's tourist season, why can't we shoot them?

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: Nat Lanza: "Re: [Q]: Linux and real device drivers"
Previous message: Andrea Arcangeli: "Re: Linux 2.2.x ISN Vulnerability"