From owner-freebsd-isp Thu Jan 6 12: 0:57 2000
Delivered-To: freebsd-isp@freebsd.org
Received: from federation.addy.com (federation.addy.com [208.11.142.20]) by hub.freebsd.org (Postfix) with ESMTP id 6AAFD156FD for ; Thu, 6 Jan 2000 12:00:51 -0800 (PST) (envelope-from jim@federation.addy.com)
Received: from localhost (jim@localhost) by federation.addy.com (8.9.3/8.9.3) with ESMTP id PAA28371; Thu, 6 Jan 2000 15:00:46 -0500 (EST) (envelope-from jim@federation.addy.com)
Date: Thu, 6 Jan 2000 15:00:46 -0500 (EST)
From: Jim Sander
To: Mark Conway Wirt
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: MUA as shell for mail-only accounts?
In-Reply-To: <20000106105603.D18458@intrepid.net>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> All very important, but there are other pitfalls as well.

Such as? I'm always interested in hearing new ways. I'm even up for generating a good list beyond what I already have. I'd even mod a pine.conf.fixed file and make it available to anyone who wanted once we could agree on a sanity-checked list of things that need blocking.

> If you allow ssh for "normal users," wasn't there a thread here a
> while ago that ssh could be used to change the login shell? Forgive
> me if I'm remembering it incorrectly...

Normal users have full access- they get tcsh as their shell. It's only email-only users (who have their login shell as pine) that we're concerned about here. In theory, normal users on the same system who know the password to an email-only account could probably find a way to execute chsh via su for that person's account, but that's why chsh is 700.

SSH I don't think can be used to change the shell directly- unless you mean the "exploit the RSA-REF hole for root; vi /etc/master.passwd" method of changing shells. :) Maybe *I'm* remembering incorrectly though.

-=Jim=-
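
An audit of the setup described in the message above, added here as an example and not part of the original post: it lists the accounts whose login shell is the MUA and checks that chsh carries no group/other permission bits (mode 700). The pine path, the account names and the temporary files are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit mail-only accounts and chsh permissions.

# Print login names whose shell (last colon-separated field) equals $2.
# Works for passwd and master.passwd layouts, since the shell is last in both.
accounts_with_shell() {
    # $1 = passwd-format file, $2 = shell path
    awk -F: -v sh="$2" '$0 !~ /^#/ && NF >= 7 && $NF == sh { print $1 }' "$1"
}

# Succeed only if $1 has no group/other permission bits (e.g. mode 700),
# so only the file's owner can read, write or execute it.
owner_only() {
    [ -e "$1" ] || return 2
    perms=$(ls -ld "$1" | cut -c5-10)   # group and other triplets
    [ "$perms" = "------" ]
}

# Report mail-only accounts and whether chsh is locked down.
audit() {
    # $1 = passwd file, $2 = restricted shell, $3 = path to chsh
    for u in $(accounts_with_shell "$1" "$2"); do
        echo "mail-only: $u"
    done
    if owner_only "$3"; then
        echo "ok: $3 is owner-only"
    else
        echo "WARN: $3 is accessible to group/other"
        return 1
    fi
}

# Demo on constructed data (not real accounts or system files).
demo=$(mktemp -d)
printf '%s\n' \
    'alice:*:1001:1001:Shell user:/home/alice:/bin/tcsh' \
    'mbox1:*:2001:2001:Mail only:/home/mbox1:/usr/local/bin/pine' \
    > "$demo/passwd"
: > "$demo/chsh"
chmod 700 "$demo/chsh"
audit "$demo/passwd" /usr/local/bin/pine "$demo/chsh"
rm -rf "$demo"
```

On a live system, point audit at the real passwd file and chsh binary instead of the temporary copies.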