[834] in linux-security and linux-alert archive

Re: [linux-security] Talk security?

daemon@ATHENA.MIT.EDU (Vaughn Skinner)
Fri Jun 21 12:05:28 1996

Date: Mon, 17 Jun 1996 13:40:30 -0700
From: Vaughn Skinner <vaughn@solid.net>
To: linux-security@tarsier.cv.nrao.edu
In-reply-to: <11350.199606162322@stone.dcs.warwick.ac.uk> (message from Zefram
	on Mon, 17 Jun 1996 00:22:28 +0100 (BST))

   [Mod: Quoting trimmed.  --Jeff.]

   The most obvious thing /etc/shells is used for is nonymous ftp.  You
   probably don't want to allow ftp access to this account.  If you do,
   things get a lot more complicated.  But don't forget that it's used by
   other programs too; for example, GNU su (a security hole in itself, for
   obvious reasons) allows the user to run an arbitrary program instead of
   the target user's login shell, if the target user is an unrestricted
   account (login shell in /etc/shells).

   So, to summarise, *don't* put an insecure program in a privileged
   position, and *don't* list a restricted shell as unrestricted.

    -zefram

(I eat my humble pills...)

If it is a bad idea to put /bin/ftponly in /etc/shells, I need
a new way to allow users to have ftp access without shell access.

wu.ftpd requires the user's shell to be in /etc/shells.

Is the solution an ftpd hack to accept /bin/ftponly as a valid
shell?  Is there a better way?

vaughn
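
An audit for the condition discussed in this thread (a restricted shell such as /bin/ftponly listed in /etc/shells, so that programs consulting the file treat its accounts as unrestricted). This is an added example, not part of the original messages; the set of "restricted" basenames other than ftponly and the sample file contents are assumptions constructed for illustration.

```python
# Added example: audit /etc/shells for restricted "shells" that would be
# treated as unrestricted by programs that consult the file.
import os

# Assumption: basenames that mark an account as restricted. /bin/ftponly is
# the one named in this thread; the others are common conventions.
RESTRICTED_NAMES = {"ftponly", "nologin", "false"}


def parse_shells(text):
    """Return the set of shell paths listed in /etc/shells-style text."""
    shells = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and whitespace
        if line.startswith("/"):
            shells.add(line)
    return shells


def parse_passwd(text):
    """Yield (user, shell) pairs from /etc/passwd-style text."""
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 7 and not line.startswith("#"):
            # An empty shell field means /bin/sh to login(1).
            yield fields[0], fields[6] or "/bin/sh"


def audit(shells_text, passwd_text):
    """Map each restricted shell found in /etc/shells to the accounts using it."""
    listed = parse_shells(shells_text)
    risky = {s for s in listed if os.path.basename(s) in RESTRICTED_NAMES}
    findings = {s: [] for s in risky}
    for user, shell in parse_passwd(passwd_text):
        if shell in findings:
            findings[shell].append(user)
    return findings


# Constructed sample data, not taken from any real system.
SAMPLE_SHELLS = "# /etc/shells\n/bin/sh\n/bin/bash\n/bin/ftponly\n"
SAMPLE_PASSWD = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "webftp:x:1001:100:FTP only:/home/webftp:/bin/ftponly\n"
    "alice:x:1002:100:Alice:/home/alice:/bin/bash\n"
)

if __name__ == "__main__":
    for shell, users in sorted(audit(SAMPLE_SHELLS, SAMPLE_PASSWD).items()):
        print(f"{shell} is in /etc/shells; accounts treated as unrestricted: {users}")
```

On a live system, pass the contents of /etc/shells and /etc/passwd to audit() instead of the sample strings.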