[841] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

Re: [linux-security] Talk security?

daemon@ATHENA.MIT.EDU (Michael Brennen)
Mon Jun 24 14:58:32 1996

Date: Fri, 21 Jun 1996 17:24:42 -0500 (CDT)
From: Michael Brennen <mbrennen@fni.com>
To: Vaughn Skinner <vaughn@solid.net>
cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <199606172040.NAA06715@arcott.mtjeff.com>

On Mon, 17 Jun 1996, Vaughn Skinner wrote:

>    The most obvious thing /etc/shells is used for is nonymous ftp.  You
>    probably don't want to allow ftp access to this account.  If you do,
>    things get a lot more complicated.  But don't forget that it's used by
>    other programs too; for example, GNU su (a security hole in itself, for
>    obvious reasons) allows the user to run an arbitrary program instead of
>    the target user's login shell, if the target user is an unrestricted
>    account (login shell in /etc/shells).
> 
>    So, to summarise, *don't* put an insecure program in a privileged
>    position, and *don't* list a restricted shell as unrestricted.
>
> ......
>
> If it is a bad idea to put /bin/ftponly in /etc/shells, I need
> a new way to allow users to have ftp access without shell access.
> 
> wu.ftpd requires the user's shell to be in /etc/shells.
> 
> Is the solution a ftpd hack to accept /bin/ftponly as a valid
> shell?  Is there a better way?

/etc/ftponly should not exist, and it does not have to exist.  Make
/etc/ftponly as the shell in /etc/passwd and put it in /etc/shells, but
don't create it.  It does not have to exist to use this as a login shell
for ftp.  It doesn't work very well as a login shell if it doesn't exist. 

I suppose some one could create it as a valid login shell; monitoring for
this might be prudent.  Other than that it seems clean enough.  Have I 
missed something?

   -- Michael

home help back first fref pref prev next nref lref last post