From owner-freebsd-questions  Sun Jun 25  9: 9:21 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from kingsqueak.org (cc737825-a.etntwn1.nj.home.com [24.3.202.115])
	by hub.freebsd.org (Postfix) with ESMTP id 92AEB37B5B1
	for <freebsd-questions@FreeBSD.ORG>; Sun, 25 Jun 2000 09:09:14 -0700 (PDT)
	(envelope-from kingsqueak@kingsqueak.org)
Received: by kingsqueak.org (Postfix, from userid 1001)
	id 1F50116E20; Sun, 25 Jun 2000 12:09:13 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1])
	by kingsqueak.org (Postfix) with ESMTP
	id 1B6941129C; Sun, 25 Jun 2000 12:09:13 -0400 (EDT)
Date: Sun, 25 Jun 2000 12:09:13 -0400 (EDT)
From: Chris <kingsqueak@kingsqueak.org>
X-Sender: drmoreau@kingsqueak.org
Reply-To: Chris <kingsqueak@home.com>
To: phrack_ p h r a c k <phrack_@hotmail.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: BitchX Dangerous?
In-Reply-To: <20000625043023.1354.qmail@hotmail.com>
Message-ID: <Pine.BSF.4.21.0006251204240.41803-100000@kingsqueak.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Well, with BitchX, if you enter  /exec rm -rf  it ...will.

That's not just a BitchX thing, it is possible with all ircII clients
iirc.

Also, pretty sure the default compile options enable the screen
functionality.  C-z will suspend BitchX and most likely give the user a
shell prompt.

It is far from a locked down login ;-).

Another less severe but potentially aggravating situation is if you are
using a static ip... some kiddie abuses the login you gave him and now
your ip is Akilled by the irc nets he was on.

On Sun, 25 Jun 2000, phrack_ p h r a c k wrote:

> I was recently informed that there was a way for a user to type a
> command(s) in BitchX and get a command line, i have a user acct on my box 
> that
> defaults to BitchX when this user ssh's in, if i only want that user to use 
> bitchX
> but am afraid that user knows far more than i and dont want to take the
> chance of something like that happening does anyone know where i could read
> up more on this and how to prevent it
> 
> 
> ________________________________________________________________________
> Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-newbies" in the body of the message
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message