Date: Wed, 23 Jan 2002 01:13:42 -0500
From: parv <parv_@yahoo.com>
To: Cliff Sarginson <cliff@raggedclown.net>
Cc: f-q <freebsd-questions@freebsd.org>
Subject: Re: is /usr/bin/passwd advisable as a login shell for ftp only users?
Message-ID: <20020123061342.GA92756@moo.holy.cow>
In-Reply-To: <20020123041706.GH1345@raggedclown.net>
References: <20020123035805.GA92721@moo.holy.cow> <20020123041706.GH1345@raggedclown.net>

in message <20020123041706.GH1345@raggedclown.net>,
wrote Cliff Sarginson thusly...
>
> On Tue, Jan 22, 2002 at 10:58:05PM -0500, parv wrote:
> > ... somebody posted that /usr/bin/passwd is also a potential
> > shell, along w/ sh, csh, etc. in reply, i thought out loud that
> > that was a blunder ...
> >
> Any program can be a "shell".
> Just create a password file entry with the program in the shell
> field.

... yeah, i realized that an hour or so after posting... i just didn't
think of this "innovative" way to use the passwd program.

> > something tells me that using passwd (as a login shell) is bad
> > thing, but i cannot come up w/ technical reasons. it seems
> > to be a security risk waiting to happen.
...
> A security risk, probably, most any suid root program is.

... ah, "suid" is the keyword! i didn't think of the "suid" bit, but
was well aware that passwd has access to the passwd database. thanks.

 - parv

--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
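An added example, not part of the original message: a POSIX sh audit built on the two points raised in the thread (the shell field of a password file entry can name any program, and a set-uid program there deserves scrutiny). It reads a passwd(5)-format file and a shells(5)-format list and reports accounts whose shell is set-uid, missing, or unlisted; the function names, accounts and file paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag accounts whose login shell is set-uid, missing,
# or not listed in the shells file. File formats: passwd(5), shells(5).

audit_login_shells() {   # usage: audit_login_shells PASSWD_FILE SHELLS_FILE
    while IFS=: read -r user _pw _uid _gid _gecos _home shell; do
        case $user in ''|'#'*) continue ;; esac     # skip blanks and comments
        [ -n "$shell" ] || continue                 # empty field: system default shell
        findings=
        if [ ! -e "$shell" ]; then
            findings=missing
        elif [ -u "$shell" ]; then                  # set-uid bit on the "shell"
            findings=setuid
        fi
        if ! grep -qxF -- "$shell" "$2"; then       # exact, literal line match
            findings=${findings:+$findings,}unlisted
        fi
        if [ -n "$findings" ]; then
            printf '%s %s %s\n' "$user" "$shell" "$findings"
        fi
    done < "$1"
}

# Constructed sample data: hypothetical accounts and a stand-in set-uid file.
make_sample() {          # usage: make_sample DIR
    : > "$1/shell_ok"; : > "$1/suid_prog"
    chmod 755 "$1/shell_ok"; chmod 4755 "$1/suid_prog"
    printf '%s\n' "# constructed shells list" "$1/shell_ok" "$1/suid_prog" > "$1/shells"
    printf '%s\n' \
        "alice:*:1001:1001:Alice:/home/alice:$1/shell_ok" \
        "ftpbob:*:1002:1002:Bob:/home/ftpbob:$1/suid_prog" \
        "carol:*:1003:1003:Carol:/home/carol:$1/not_there" > "$1/passwd"
}

sample_dir=$(mktemp -d)
make_sample "$sample_dir"
audit_login_shells "$sample_dir/passwd" "$sample_dir/shells"
rm -rf "$sample_dir"
```

On a real system the arguments would be the password file and /etc/shells; the output has one line per flagged account in the form `user shell findings`.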