[Prev][Next][Index][Thread]

Re: XDMCP security?



On Tue, 24 Sep 1996, Arik Baratz wrote:

> On Mon, 23 Sep 1996, Adi Stav wrote:
> 
> >         Why not have the user's home directory owned by root? The user will be able to modify any existing files once you create them for her, but not create, rename or remove anything herself. 

It is possible, and IMHO should work, although it looks ugly. Besides, I am 
not sure it will not screw up other services...

Actually, there must exist a simple solution, otherwise this would be a 
big security hole. The problem is not Linux specific, I suppose, so a 
good place to look for an answer is Unix Guru Universe (www.ugu.com), or 
Sun Managers mailing list:

! To have your mailing address added to or removed from the mailing list,    
! send a request to "sun-managers-request@ra.mcs.anl.gov".  The request
! should contain simply one line which says either "add" or "remove".

> Let's go one step farther - Why give home directories at all, if all you
> want is to provide POP services??? Make the home directory invalid - all
> they need is /var/mail (sysV) or /var/spool/mail (Linux,BSD)

Because the idea was to put there the .Xdefaults that would throw a user 
away, and could not be edited.

Absence of the home dir does not prevent login at all.
"Try it, you gonna like it"...

Andy

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
*               Andrey Tsouladze                *                   *
*          Webmaster/Systems Manager            *                   *
*                SPL WorldGroup                 * Cogito,           *
*              3b Yoni Netaniyahu               *                   *
*           Or-Yehuda 60200, Israel             *       ergo        *
*    E-mail: andy@spl.co.il                     *                   *
*    E-mail: tsoul@tx.technion.ac.il            *            sum    *
*    E-mail: tsoul@aluf.technion.ac.il          *                   *
*    http://www.spl.co.il/~andy                 *                   *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


References: