Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 7 Aug 1996 08:10:20 -0700 (PDT)
From:      john <john@katan.pomona.edu>
To:        Peter Hawkins <peter@clari.net.au>
Cc:        freebsd-isp@FreeBSD.ORG
Subject:   Re: Trial accounts
Message-ID:  <Pine.BSF.3.91.960807080438.16513A-100000@katan.pomona.edu>
In-Reply-To: <199608070010.KAA01174@rhiannon.clari.net.au>

index | next in thread | previous in thread | raw e-mail



On Wed, 7 Aug 1996, Peter Hawkins wrote:

> I'd like to gather some feelings about providing (perhaps restricted) "trial"
> 1. security
> 2. The potential for someone to dial in under that name indefinitely.
> 
> However I don't want to lose custom :) so if there are ways of
> addressing 1. and 2. I'd like to hear them.
> 
> Peter
---
well, from my experience i've seen two easy ways of extending acct use.

1. a file under the name of "TERMSET*" was placed in a trial home 
directory which altered the time counter and the user was allowed to use the 
acct indefinitely.
	i'm not sure exactly what TERMSET* was altering, but it worked

2. after a trial period, even though the acct had expired, ftp was still 
open.  so someone was able to ftp a new .login file and consequently 
dialin indefinitely.

both methods aren't real security holes, simple settings changes would do 
the trick.  it's more of a reflection on the sysadmins.  they were either 
too busy, too lazy or too stupid to take care of it.

hope everything works out well for you

l8r



home | help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.91.960807080438.16513A-100000>