[3716] in WWW Security List Archive
Re: Hole: nobody shell
daemon@ATHENA.MIT.EDU (scott hollatz)
Thu Dec 5 12:39:26 1996
From: scott hollatz <shollatz@d.umn.edu>
Date: Thu, 5 Dec 1996 09:24:43 -0600
To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
>> We give 'nobody' the same login shell as anonymous ftp: /nosuchshell ,
>> where '/nosuchshell' is a nonexistent file. This prevents giving an
>> unauthenticated shell via an xterm.
>
>This doesn't sound like too good of an idea to me... I would think that
>all it would take would be to hack a /nosuchshell file as #!/bin/bash, and
>you're in.. What's wrong with /dev/null or /bin/false, or some other file
>that exists, but cannot be written over?
>
>I actually suppose it may be the same thing -- that is, creating a
>/nosuchshell on root, where a normal user does not have permission, or
>changing the contents of /bin/false, where he has the same write
>permissions. Maybe /dev/null...
Lively discussion on this by many people.
I should have clarified the server environment. It runs on a host where
only a few system admins can log onto it and all CGI programs go through
me for security checks before they are made live. In fact, all pages undergo
a review and must be approved if they are to be put onto the host.
--
scott hollatz internet shollatz@d.umn.edu
information services, systems telephone +1 218 726 8851
university of minnesota-duluth mn usa fax +1 218 726 7674
"change is a universal constant"
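The thread above turns on one question for the 'nobody' shell: a nonexistent shell path only refuses logins as long as no unprivileged user can create that file, and an existing shell such as /bin/false only helps as long as nobody can overwrite or replace it. The following audit is an added example, not code from the original message or from any of the posters; it walks passwd entries, classifies each login shell by that reasoning, and reports which entries rely on directory permissions rather than on a real non-interactive shell. The sample passwd lines and the fake filesystem table are constructed for illustration, and the list of recognised no-login shells (including /sbin/nologin, which the thread does not mention) is an assumption about typical systems.

```python
"""Audit login shells of accounts for the weakness discussed in the thread:
a shell path that does not exist denies login only while that file cannot be
created, and an existing shell denies login only while it cannot be replaced.

Added example; the sample data below is constructed, not from the original post."""
import os
import stat

# Shells whose whole purpose is to refuse an interactive login (assumed typical set).
NOLOGIN_SHELLS = {"/bin/false", "/usr/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}


def real_lookup(path):
    """Return (st_mode, st_uid) for a path on the live system, or None if missing."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return None
    return st.st_mode, st.st_uid


def _writable_by_others(mode, uid):
    """True if a non-root user could write here: group/world write bit, or non-root owner."""
    return uid != 0 or bool(mode & (stat.S_IWGRP | stat.S_IWOTH))


def _nearest_existing_parent(path, lookup):
    """Walk up from the shell's directory to the first component that exists."""
    parent = os.path.dirname(path) or "/"
    while (info := lookup(parent)) is None and parent != "/":
        parent = os.path.dirname(parent) or "/"
    return parent, info


def classify_shell(shell, lookup=real_lookup):
    """Classify one login-shell field. Returns (severity, reason)."""
    if not shell or not shell.startswith("/"):
        return "HIGH", "empty or relative shell field (many login programs then default to /bin/sh)"
    info = lookup(shell)
    parent, pinfo = _nearest_existing_parent(shell, lookup)
    if info is None:
        # The /nosuchshell case: safe only while nobody else can create the file.
        if pinfo is None or _writable_by_others(*pinfo):
            return "HIGH", f"{shell} is missing and {parent} is writable by non-root users"
        return "LOW", f"{shell} is missing; login is refused only while {parent} stays root-owned and unwritable"
    mode, uid = info
    if not stat.S_ISREG(mode):
        # The /dev/null case: exec() of a device node or directory fails, so login is refused.
        return "OK", f"{shell} is not a regular file, so exec() fails and login is refused"
    if _writable_by_others(mode, uid):
        return "HIGH", f"{shell} can be modified by a non-root user"
    if pinfo is not None and _writable_by_others(*pinfo) and not (pinfo[0] & stat.S_ISVTX):
        return "HIGH", f"{shell} can be replaced because {parent} is writable and not sticky"
    if shell in NOLOGIN_SHELLS:
        return "OK", f"{shell} is a dedicated non-interactive shell"
    return "MEDIUM", f"{shell} is an interactive shell (expected for humans, review for service accounts)"


def audit_passwd(passwd_text, lookup=real_lookup):
    """Return [(user, shell, severity, reason)] for every well-formed passwd line."""
    findings = []
    for line in passwd_text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 7:
            continue
        user, shell = fields[0], fields[6]
        severity, reason = classify_shell(shell, lookup)
        findings.append((user, shell, severity, reason))
    return findings


# Constructed sample passwd entries covering each case argued in the thread.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/nosuchshell
ftp:x:14:50:FTP User:/var/ftp:/tmp/nosuchshell
www:x:80:80:Web server:/var/www:/bin/false
daemon:x:1:1:daemon:/usr/sbin:/dev/null
guest:x:1001:1001:Guest:/home/guest:
"""

# Constructed fake filesystem: path -> (st_mode, st_uid), standing in for os.stat().
FAKE_FS = {
    "/": (stat.S_IFDIR | 0o755, 0),
    "/bin": (stat.S_IFDIR | 0o755, 0),
    "/bin/sh": (stat.S_IFREG | 0o755, 0),
    "/bin/false": (stat.S_IFREG | 0o755, 0),
    "/dev": (stat.S_IFDIR | 0o755, 0),
    "/dev/null": (stat.S_IFCHR | 0o666, 0),
    "/tmp": (stat.S_IFDIR | 0o1777, 0),
}


def fake_lookup(path):
    return FAKE_FS.get(path)


if __name__ == "__main__":
    for user, shell, severity, reason in audit_passwd(SAMPLE_PASSWD, fake_lookup):
        print(f"{severity:6} {user:8} {shell or '<empty>':18} {reason}")
```

Against the constructed sample, 'nobody' with /nosuchshell under a root-owned / comes out LOW (it works, but only because of directory permissions), the same missing shell under world-writable /tmp comes out HIGH, /bin/false and /dev/null come out OK, and an empty shell field is flagged HIGH. To audit a real host, call `audit_passwd(open("/etc/passwd").read())` with the default `real_lookup`.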