From owner-freebsd-questions Fri Dec 4 12:06:17 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id MAA14507 for freebsd-questions-outgoing; Fri, 4 Dec 1998 12:06:17 -0800 (PST) (envelope-from owner-freebsd-questions@FreeBSD.ORG) Received: from ns.insolwwb.net (ns.insolwwb.net [206.31.149.200]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA14500 for ; Fri, 4 Dec 1998 12:06:15 -0800 (PST) (envelope-from mgrommet@insolwwb.net) Received: from mikeg (work2.insolwwb.net [208.150.248.12]) by ns.insolwwb.net (8.9.0/8.9.0) with SMTP id OAA09288 for ; Fri, 4 Dec 1998 14:00:48 -0600 (CST) From: mike grommet Reply-To: To: Subject: Advice on sendmail / execution of programs through .forward Date: Fri, 4 Dec 1998 14:06:35 -0600 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Hi guys, I need some advice... I block off shell access to my primary server... however one of my users pulled a sneaky one. He executed a xterm shell from his .forward and had it connect to his X server on his personal PC... pretty slick actually, I have to give him that. I never even considered it. Well, naturally I am a bit concerned about this... this particular user is quite benevolent, but what about next time? I mean, it seems quite possible for a user to upload some sort of exploit and an appropriate .forward via ftp, send mail to himself and WHAM. Life gets real bad. Now, its quite convenient to be able to run programs from .forward, procmail comes to mind immediately... So what do you guys suggest to fix this problem the right way? Mike Grommet Unix Systems Adminstrator Internet Solutions, Inc. mgrommet@insolwwb.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message