Date: Thu, 6 Jan 2000 15:00:46 -0500 (EST) From: Jim Sander <jim@federation.addy.com> To: Mark Conway Wirt <mark@intrepid.net> Cc: freebsd-isp@FreeBSD.ORG Subject: Re: MUA as shell for mail-only accounts? Message-ID: <Pine.BSF.4.10.10001061318580.21920-100000@federation.addy.com> In-Reply-To: <20000106105603.D18458@intrepid.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> All very important, but there are other pitfalls as well. Such as? I'm always interested in hearing new ways. I'm even up for generating a good list beyond what I already have. I'd even mod a pine.conf.fixed file and make it available to anyone who wanted once we could agree on a sanity-checked list of things that need blocking. > If you allow ssh for "normal users," wasn't there a thread here a > while ago that ssh could be used to change the login shell? Forgive > me if I'm remembering it incorrectly... Normal users have full access- they get tcsh as their shell. It's only email-only users (who have their login shell as pine) that we're concerned about here. In theory, normal users on the same system who know the password to an email-only account could probably find a way to execute chsh via su for that person's account, but that's why chsh is 700 SSH I don't think can be used to change the shell directly- unless you mean the "exploit the RSA-REF hole for root; vi /etc/master.passwd" method of changing shells. :) Maybe *I'm* remembering incorrectly though. -=Jim=- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.10001061318580.21920-100000>