Date:      Sat, 05 May 2001 18:34:18 -0700
From:      Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
To:        "Dominic Marks" <dominic_marks@hotmail.com>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: Login Permissions 
Message-ID:  <200105060134.f461YbJ03934@cwsys.cwsent.com>
In-Reply-To: Your message of "Sat, 05 May 2001 13:57:29 -0000." <F53ngr5tTXeCOtrsbMe00002e67@hotmail.com> 


In message <F53ngr5tTXeCOtrsbMe00002e67@hotmail.com>, "Dominic Marks" 
writes:
> Login can be executed by any user connected with a local or remote shell. 
> Login could therefore be used as a forkbomb/dos attack which could be used 
> to eat resources (and possibly ttys?).
> 
> Should login be set as chmod 700?

A better solution would be to only allow login to be executed using the 
exec builtin from the lowest level shell as Solaris does:

    No utmpx entry. You must exec "login" from the lowest level "shell".


Regards,                         Phone:  (250)387-8437
Cy Schubert                        Fax:  (250)387-5766
Team Leader, Sun/Alpha Team   Internet:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC
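
The kind of check the Solaris message above implies, as an added example that is not part of the original e-mail and is not Solaris's own code. It assumes the test is "does a utmpx session record carry my PID"; the function names `entry_is_session_for` and `pid_has_utmpx_entry` are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>
#include <utmpx.h>

/*
 * exec keeps the caller's PID, so a login started with the exec builtin
 * from the session's first shell still has the PID recorded in utmpx.
 * A login started as an ordinary child gets a fresh PID with no record.
 * (Assumed mechanism; the e-mail only quotes the error text.)
 */
static int entry_is_session_for(const struct utmpx *e, pid_t pid)
{
    if (e->ut_type != LOGIN_PROCESS && e->ut_type != USER_PROCESS)
        return 0;               /* ignore DEAD_PROCESS, BOOT_TIME, ... */
    return e->ut_pid == pid;
}

/* Scan the utmpx database for a session record owned by `pid`. */
static int pid_has_utmpx_entry(pid_t pid)
{
    struct utmpx *e;
    int found = 0;

    setutxent();                /* rewind to the first record */
    while (!found && (e = getutxent()) != NULL)
        found = entry_is_session_for(e, pid);
    endutxent();
    return found;
}

int main(void)
{
    if (!pid_has_utmpx_entry(getpid())) {
        /* Refuse before prompting, so nested invocations cost nothing more. */
        fprintf(stderr, "No utmpx entry. You must exec \"login\" "
                        "from the lowest level \"shell\".\n");
        return 1;
    }
    puts("utmpx entry found for this PID; continuing");
    return 0;
}
```

Because the refusal happens before any tty or authentication work, a user running this repeatedly from a nested shell only pays for a short utmpx scan per invocation.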



