Date: Thu, 8 Nov 2001 22:01:00 -0500 From: "Kutulu" <kutulu@kutulu.org> To: "Anthony Atkielski" <anthony@atkielski.com>, <freebsd-questions@FreeBSD.ORG> Subject: Re: Re[2]: Tiny starter configuration for FreeBSD Message-ID: <027f01c168ca$c4347820$88682518@longhill1.md.home.com> References: <15330.6606.417524.41024@guru.mired.org><002b01c1635f$5a5f4300$0a00000a@atkielski.com> <15330.14419.809266.281360@guru.mired.org> <007e01c1636e$97016d10$0a00000a@atkielski.com> <20011108021537.E79276@hades.hell.gr> <002801c1682c$818807b0$0a00000a@atkielski.com> <20011108102356.B10218@pr0n.kutulu.org> <00a101c16891$ee108050$0a00000a@atkielski.com>
next in thread | previous in thread | raw e-mail | index | archive | help
----- Original Message ----- From: "Anthony Atkielski" <anthony@atkielski.com> To: "Kutulu" <kutulu@kutulu.org>; <freebsd-questions@FreeBSD.ORG> Sent: Thursday, November 08, 2001 3:14 PM Subject: Re: Re[2]: Tiny starter configuration for FreeBSD > Can telnet be secured for guest accounts by specifying a shell that really isn't > a shell, e.g., a custom-written program that provides no shell-like command > access? Sure, that would work. Your guest account is then as secure as the replacement shell program. You'd have to take care to avoid both direct exploits to that program that may permit raised access levels, and exploits that allow the user to escape the pseudo-shell into a real one. Something like this concept is what drives many a small bulletin board/MUD/freenet/etc: the guest account gets a 'shell' that's just a menu of commands they're allowed to run, etc. --K To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?027f01c168ca$c4347820$88682518>