[3709] in WWW Security List Archive
Re: Hole: nobody shell
daemon@ATHENA.MIT.EDU (Dave Wreski)
Thu Dec 5 00:17:06 1996
Date: Wed, 4 Dec 1996 21:58:34 -0500 (EST)
From: Dave Wreski <tel1dvw@is.ups.com>
To: scott hollatz <shollatz@d.umn.edu>
Cc: www-security <www-security@ns2.rutgers.edu>
In-Reply-To: <199612041458.IAA11073@borg.d.umn.edu>
Errors-To: owner-www-security@ns2.rutgers.edu
On Wed, 4 Dec 1996, scott hollatz wrote:
> We give 'nobody' the same login shell as anonymous ftp: /nosuchshell ,
> where '/nosuchshell' is a nonexistent file. This prevents the giving an
> unauthenticated shell via an xterm.
This doesn't sound like too good of an idea to me... I would think that
all it would take would be to hack a /nosuchshell file as #!/bin/bash, and
your in.. Whats wrong with /dev/null or /bin/false, or some other file
that exists, but cannot be written over?
I actually suppose it may be the same thing -- that is, creating a
/nosuchshell on root, where a normal user does not have permission, or
changing the contents of /bin/false, where he has the same write
permissions. Maybe /dev/null...
Dave
-----------------------------------------------------------------------
"The opinions expressed here are my own and do not represent the views
or opinions of United Parcel Service, Inc."
-----------------------------------------------------------------------
echo '16i[q]sa[ln0=aln100%Pln100/snlbx]sb20293A2058554E494Csnlbxq'|dc
