Date: Wed, 23 Jan 2002 01:13:42 -0500
From: parv
To: Cliff Sarginson
Cc: f-q
Subject: Re: is /usr/bin/passwd advisable as a login shell for ftp only users?
Message-ID: <20020123061342.GA92756@moo.holy.cow>

in message <20020123041706.GH1345@raggedclown.net>,
wrote Cliff Sarginson thusly...
>
> On Tue, Jan 22, 2002 at 10:58:05PM -0500, parv wrote:
> > ... somebody posted that /usr/bin/passwd is also a potential
> > shell, along w/ sh, csh, etc. in reply, i thought out loud that
> > that was a blunder ...
> >
> Any program can be a "shell".
> Just create a password file entry with the program in the shell
> field.

... yeah, i realized that an hour or so after posting... i just
didn't think of this "innovative" way to use the passwd program.

> > something tells me that using passwd (as a login shell) is bad
> > thing, but i cannot come up w/ technical reasons. it seems
> > to be a security risk waiting to happen. ...
>
> A security risk, probably, most any suid root program is.

... ah, "suid" is the keyword! i didn't think of the "suid" bit,
but was well aware that passwd has access to the passwd database.
thanks.

 - parv
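
An added example, not part of the original message: a small audit that reads passwd(5)-format entries and reports accounts whose login shell is setuid or is missing from the shells list, the two conditions the thread touches on. The sample accounts, the shells list, the file modes and the /usr/local/bin/menu path are constructed for illustration.

```python
import os
import stat

def parse_passwd(text):
    """Yield (user, shell) from 7-field passwd(5)-format lines."""
    for line in text.splitlines():
        fields = line.strip().split(":")
        if line.lstrip().startswith("#") or len(fields) != 7:
            continue
        # An empty shell field means the system default, /bin/sh.
        yield fields[0], fields[6] or "/bin/sh"

def parse_shells(text):
    """Return the set of paths listed in shells(5)-format text."""
    lines = (l.strip() for l in text.splitlines())
    return {l for l in lines if l and not l.startswith("#")}

def file_mode(path):
    """Mode bits of path on the local system, or None if it cannot be stat'ed."""
    try:
        return os.stat(path).st_mode
    except OSError:
        return None

def audit(passwd_text, shells_text, mode_of=file_mode):
    """Return [(user, shell, [reasons])] for shells that deserve a second look."""
    allowed = parse_shells(shells_text)
    findings = []
    for user, shell in parse_passwd(passwd_text):
        reasons = []
        mode = mode_of(shell)
        if mode is not None and mode & stat.S_ISUID:
            reasons.append("setuid")
        if shell not in allowed:
            reasons.append("not in shells list")
        if reasons:
            findings.append((user, shell, reasons))
    return findings

# Constructed sample data (not taken from any real system).
SAMPLE_PASSWD = """\
root:*:0:0:Charlie &:/root:/bin/csh
alice:*:1001:1001:Alice:/home/alice:/bin/sh
ftpuser:*:1002:1002:FTP only:/home/ftpuser:/usr/bin/passwd
bob:*:1003:1003:Bob:/home/bob:/usr/local/bin/menu
"""
SAMPLE_SHELLS = "# constructed list\n/bin/sh\n/bin/csh\n/usr/bin/passwd\n"
SAMPLE_MODES = {"/bin/sh": 0o100555, "/bin/csh": 0o100555,
                "/usr/bin/passwd": 0o104555}  # 04000 = setuid bit

if __name__ == "__main__":
    for user, shell, reasons in audit(SAMPLE_PASSWD, SAMPLE_SHELLS, SAMPLE_MODES.get):
        print(f"{user}: {shell} ({', '.join(reasons)})")
```

To audit a live host, pass the contents of /etc/passwd and /etc/shells and leave mode_of at its default so the real file modes are checked.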