[3133] in bugtraq


Re: ? Trojan /usr/bin/false ?

daemon@ATHENA.MIT.EDU (Bernd Lehle)
Tue Aug 13 12:46:03 1996

Date: 	Tue, 13 Aug 1996 11:27:05 +0200
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Bernd Lehle <Bernd.Lehle@RUS.Uni-Stuttgart.DE>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To:  <Pine.BSF.3.91.960725151216.3449A-100000@idiom.com> from "Jeremy
              Brinkley" at Jul 25, 96 03:14:18 pm

>
> Replacing the default shell with /usr/bin/false (or /bin/false or
> whatever) is a common simple security recommendation.  Has anyone heard
> of somebody replacing /usr/bin/false with a Trojan version to gain access
> to the non-account accounts (adm, lp, bin, etc...)?
>

I have never heard that. But talking about true/false as login shells:
On IRIX (at least 5.3) /bin/true and /bin/false are shell scripts,
starting with #!/sbin/sh and containing nothing but "exit 0" or "exit 255".
(Besides some silly Copyright and Version Information from AT&T).
Is there a possibility that through obscure circumstances a user having
/bin/false or /bin/true as a login shell ends up with /sbin/sh ?



--
> Bernd Lehle - Stuttgart University Computer Center * A supercomputer <
>      Visualization / Security / Astrophysics       * is a machine    <
> lehle@rus.uni-stuttgart.de   Tel:+49-711-685-5531  * that runs an    <
>   http://www.tat.physik.uni-tuebingen.de/~lehle    * endless loop    <
>  pgp? -> finger bernd@visbl.rus.uni-stuttgart.de   * in 2 seconds    <
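
An audit for the situation raised in the message above, as an added example that is not part of the original post: it lists every account whose login shell is a "#!" script and names the interpreter the kernel would start for it. The function name and the optional ROOT prefix (for checking a mounted image or a test tree) are assumptions of this example.

```shell
#!/bin/sh
# Added example: report accounts whose login shell is an interpreted script.
# usage: audit_script_shells PASSWD [ROOT]
#   PASSWD  passwd-format file to read
#   ROOT    optional path prefix for the shell paths (hypothetical parameter)
# Output: one line per finding: "<user> <login shell> <interpreter>"
audit_script_shells() {
    passwd_file=$1
    root=${2:-}
    while IFS=: read -r user _pw _uid _gid _gecos _home shell; do
        # Skip comments, blank lines and entries without a shell field.
        case $user in ''|\#*) continue ;; esac
        [ -n "$shell" ] || continue
        path=$root$shell
        [ -f "$path" ] && [ -r "$path" ] || continue
        # Only the first line matters: a "#!" prefix means the named
        # interpreter is executed, with the script as its argument.
        first=
        IFS= read -r first < "$path" || [ -n "$first" ] || continue
        case $first in
            '#!'*)
                interp=${first#'#!'}
                # Strip leading whitespace, then any interpreter argument.
                interp=${interp#"${interp%%[![:space:]]*}"}
                interp=${interp%%[[:space:]]*}
                printf '%s %s %s\n' "$user" "$shell" "$interp"
                ;;
        esac
    done < "$passwd_file"
}

# Run directly as: sh audit.sh /etc/passwd [ROOT]
[ $# -eq 0 ] || audit_script_shells "$@"
```

Each account reported depends on the listed interpreter as well as on the script file itself, so both belong in file-integrity monitoring.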
