[Prev][Next][Index][Thread]
Re: XDMCP security?
Hi,
> > On Mon, 23 Sep 1996, Ira Abramov wrote:
> >
> > >I just discovered that taking away the shell from a user (leaving him only
> > >with pop) won't stop him from getting a shell if he opens an X session
> > >through XDMCP (i.e. any win95 station and a few freewares :-(
I am not sure this is a solution (cannot check it right now), but
anyway:
When you `take away' a user shell, most probably you do it by
assigning /dev/null which is not a valid shell. However, there is a
special shell for just these purposes. It is /bin/false. This shell
allows a user to log in, writes information about user's mail, and
exits.
I suspect freeware Win95 you are talking about can somehow overcome
invalid shell but will honor a valid one.
> > A user has the privilege to rename a root owned file or directory
> > inside a directory (the home directory here) that she owns.
>
> not if root chmods is 000
As long as a directory is owned by a user, he can delete any file
there, that is, if he can log in :-)
Hope this helps,
Andy
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* Andrey Tsouladze * *
* Webmaster/Systems Manager * *
* SPL WorldGroup * Cogito, *
* 3b Yoni Netaniyahu * *
* Or-Yehuda 60200, Israel * ergo *
* E-mail: andy@spl.co.il * *
* E-mail: tsoul@tx.technion.ac.il * sum *
* E-mail: tsoul@aluf.technion.ac.il * *
* http://www.spl.co.il/~andy * *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Follow-Ups:
References: