Date:      Sun, 25 Jun 2000 11:58:49 +0200
From:      Marc Silver <marcs@draenor.org>
To:        phrack_ p h r a c k <phrack_@hotmail.com>
Cc:        freebsd-newbies@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG
Subject:   Re: BitchX Dangerous?
Message-ID:  <20000625115849.L53435@draenor.org>
In-Reply-To: <20000625043023.1354.qmail@hotmail.com>; from phrack_@hotmail.com on Sun, Jun 25, 2000 at 04:30:23AM +0000
References:  <20000625043023.1354.qmail@hotmail.com>

It's quite simple to be able to break out of a program like BitchX.  I'm
guessing, but a simple ^Z should get the user out of it....  :)  Then of
course, they could always /exec which means they could execute something
outside of BX.  :)

There are ways to limit this, but they all require quite a bit of work.
Basically though... I don't think bitchx was designed to keep people out
of shells...  :)  Perhaps look at chrooting the user and the process.
:)

Cheers,
Marc

On Sun, Jun 25, 2000 at 04:30:23AM +0000, phrack_ p h r a c k wrote:
> I was recently informed that there was a way for a user to type a
> command(s) in BitchX and get a command line, I have a user acct on my box
> that defaults to BitchX when this user ssh's in, if I only want that user
> to use bitchX but am afraid that user knows far more than I and don't want
> to take the chance of something like that happening does anyone know where
> I could read up more on this and how to prevent it
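
The reply above suggests chrooting the user and the process. As an added example that is not part of the original thread, this script audits a directory intended as such a jail and reports what a confined user could still run or plant. The function name `audit_jail`, the finding labels and the list of shell names are assumptions of this example.

```sh
#!/bin/sh
# audit_jail DIR  (added example; names and labels are this example's own)
# Reports what is left inside a chroot jail that a user confined to an IRC
# client could still use. One finding per line: "<kind> <path>".
# Exit status: 0 = no findings, 1 = findings, 2 = DIR is not a directory.
audit_jail() {
    jail=$1
    if [ ! -d "$jail" ]; then
        echo "error: $jail is not a directory" >&2
        return 2
    fi

    findings=$(
        # Shells: once chrooted, a "run a program" command in the client
        # (/exec in BitchX) can only start files that exist inside the jail,
        # so no owner-executable shell should be present there.
        find "$jail" -type f \( -name sh -o -name bash -o -name csh \
            -o -name tcsh -o -name ksh -o -name zsh \) -perm -0100 |
            sed 's|^|shell |'
        # Set-uid / set-gid files run with another account's privileges.
        find "$jail" -type f \( -perm -4000 -o -perm -2000 \) |
            sed 's|^|setid |'
        # World-writable directories let the user drop in new programs.
        find "$jail" -type d -perm -0002 | sed 's|^|writable-dir |'
    )

    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings" | sort
    return 1
}

# Stand-alone use: sh audit_jail.sh /path/to/jail
if [ "$#" -gt 0 ]; then
    audit_jail "$1"
fi
```

An empty report only means none of these three checks fired; it does not show that the jail is sufficient.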

