Date: Fri, 21 Sep 2001 07:55:40 -0500 From: Rob Andrews <rob@cyberpunkz.org> To: Peter Pentchev <roam@ringlet.net> Cc: Marc Rogers <marcr@shady.org>, FreeBSD-Security@FreeBSD.ORG Subject: Re: login_conf vulnerability. Message-ID: <20010921075540.B71120@switchblade.cyberpunkz.org> In-Reply-To: <20010921154834.B619@ringworld.oblivion.bg>; from roam@ringlet.net on Fri, Sep 21, 2001 at 03:48:34PM %2B0300 References: <20010921124410.D99287@shady.org> <20010921154834.B619@ringworld.oblivion.bg>
next in thread | previous in thread | raw e-mail | index | archive | help
--LyciRD1jyfeSSjG0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Sep 21, 2001 at 03:48:34PM +0300, Peter Pentchev wrote: > Correct me if I'm wrong, but IMHO this will only stop cluebies who do > not take the time to look and see just *why* the 'default' override > does not work. What happens when they change their .login.conf file > and override the 'standard' login class instead? Users cannot change their login class on the system with .login.conf, they can only affect certain things such as path statements and such. Try it yourself and see.. :) --=20 Rob Andrews Administrator Cyberpunk Alliance http://www.cyberpunkz.org/ Minneapolis, MN --LyciRD1jyfeSSjG0 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE7qzjMAXwJ9YLqJJURAryAAJ0ehvYLmmVzIycwE/ov90pLaiayNACggESe Q6AB8q0T/fSwLpDDZYm/ygo= =QPBf -----END PGP SIGNATURE----- --LyciRD1jyfeSSjG0-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010921075540.B71120>