From owner-freebsd-security  Tue Nov 14 18:21:47 1995
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.6.12/8.6.6) id SAA04905
          for security-outgoing; Tue, 14 Nov 1995 18:21:47 -0800
Received: from twitch.io.org (root@twitch.io.org [198.133.36.152])
          by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id SAA04899
          for <freebsd-security@freebsd.org>; Tue, 14 Nov 1995 18:21:41 -0800
Received: from flinch.io.org (flinch.io.org [198.133.36.153]) by twitch.io.org (8.6.9/8.6.9) with SMTP id VAA15002 for <freebsd-security@freebsd.org>; Tue, 14 Nov 1995 21:21:03 -0500
Date: Tue, 14 Nov 1995 21:21:16 -0500 (EST)
From: Brian Tao <taob@io.org>
To: FREEBSD-SECURITY-L <freebsd-security@freebsd.org>
Subject: Using telnet as a shell
Message-ID: <Pine.BSF.3.91.951114211932.289C-100000@flinch.io.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
Precedence: bulk

    How safe is the Kerberized telnet client as a shell?  I have an
account on one of my machines called "telnet" with no password.  It
calls /usr/bin/telnet as the shell.  I played with it for about ten
minutes and couldn't find any way to spawn a shell or otherwise gain
unauthorized access to the machine.  Have I overlooked something?
--
Brian Tao (BT300, taob@io.org)
Systems Administrator, Internex Online Inc.
"Though this be madness, yet there is method in't"