Date: Sun, 25 Jun 2000 14:42:32 +0300 From: Giorgos Keramidas <keramida@ceid.upatras.gr> To: phrack_ p h r a c k <phrack_@hotmail.com> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: BitchX Dangerous? Message-ID: <20000625144232.A3337@hades.hell.gr> In-Reply-To: <20000625043023.1354.qmail@hotmail.com>; from phrack_@hotmail.com on Sun, Jun 25, 2000 at 04:30:23AM %2B0000 References: <20000625043023.1354.qmail@hotmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[ freebsd-newbies removed from recipients, cross posting is not good :) ] On Sun, Jun 25, 2000 at 04:30:23AM +0000, phrack_ p h r a c k wrote: > I was recently informed that there was a way for a user to type a > command(s) in BitchX and get a command line, I do not know about a command line, but most IRC clients that I know of (epic, BitchX, etc) have the /exec command, which can be used to execute arbitrary commands on the host that the client is running. I customarily use this command in aliases such as: /alias dns exec /usr/bin/host $0- But I am not sure if this can be used to gain access to a shell prompt. > i have a user acct on my box that defaults to BitchX when this user > ssh's in, if i only want that user to use bitchX but am afraid that > user knows far more than i and dont want to take the chance of > something like that happening does anyone know where i could read up > more on this and how to prevent it Having bitchx as their login shell does not prevent users from executing commands on your machine. Apart from having them run in a chrooted environment, which is probably too much trouble and does not solve the problem, I can't think of anything else except for: a) Making the machine fairly secure with it's user-limits and quotas enabled. b) Giving to anyone you wish, a normal shell, without any special priviledges. -- Giorgos Keramidas, < keramida @ ceid . upatras . gr > For my public key: finger keramida@ceid.upatras.gr To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000625144232.A3337>