Date: Sun, 25 Jun 2000 11:58:49 +0200 From: Marc Silver <marcs@draenor.org> To: phrack_ p h r a c k <phrack_@hotmail.com> Cc: freebsd-newbies@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG Subject: Re: BitchX Dangerous? Message-ID: <20000625115849.L53435@draenor.org> In-Reply-To: <20000625043023.1354.qmail@hotmail.com>; from phrack_@hotmail.com on Sun, Jun 25, 2000 at 04:30:23AM %2B0000 References: <20000625043023.1354.qmail@hotmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
It's quite simple to be able to break out a program like BitchX. I'm guessing, but a simple =1A should get the user out of it.... :) Then of course, they could always /exec which means they could execute something outside of BX. :) There are ways to limit this, but they all require quite a bit of work. Basically though... I don't think bitchx was designed to keep people out of shells... :) Perhaps look at chrooting the user and the process. :) Cheers, Marc On Sun, Jun 25, 2000 at 04:30:23AM +0000, phrack_ p h r a c k wrote: > I was recently informed that there was a way for a user to type a > command(s) in BitchX and get a command line, i have a user acct on my box= =20 > that > defaults to BitchX when this user ssh's in, if i only want that user to u= se=20 > bitchX > but am afraid that user knows far more than i and dont want to take the > chance of something like that happening does anyone know where i could re= ad > up more on this and how to prevent it >=20 >=20 > ________________________________________________________________________ > Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000625115849.L53435>