[Prev][Next][Index][Thread]
Re: XDMCP security?
On Mon, 23 Sep 1996, Alexandre Khalil wrote:
> On Mon, 23 Sep 1996, Ira Abramov wrote:
>
> >I just discovered that taking away the shell from a user (leaving him only
> >with pop) won't stop him from getting a shell if he opens an X session
> >through XDMCP (i.e. any win95 station and a few freewares :-(
>
> >deleting the users' .xsession is a patial solution, but they can undo
> >that, and creating a .xsession owned by root (non-rewritable by the user)
> >seems like an awkward solution. ideas anyone?
>
> This last will not work.
>
> A user has the privilege to rename a root owned file or directory
> inside a directory (the home directory here) that she owns.
not if root chmods is 000
-------------------------------------------------------------
Ira Abramov <ira@scso.com> Scalable Solutions
SITE Web Presence ("webspace for rent") http://www.site.co.il
Beeper 48484 at 03-610-6666, 02-6294-666 FAX (972)2-643-0471
POBox 3600, Jerusalem 91035, Israel Tel (972)2-642-6822
http://www.scso.com/~ira Check out: http://www.linux.org.il
Follow-Ups:
References: