[8196] in bugtraq
FW: More Rconsole stuff
daemon@ATHENA.MIT.EDU (Tyson Boellstorff)
Tue Oct 13 16:46:08 1998
Date: Mon, 12 Oct 1998 16:00:55 -0500
Reply-To: "tboellst@willinet.net" <tboellst@willinet.net>
From: Tyson Boellstorff <tboellst@WILLINET.NET>
To: BUGTRAQ@NETSPACE.ORG
> That's not correct. By default, users don't have access to SYS:ETC. If you
>grant them access here, then you're asking for trouble because the only modules
>that need access to this directory are the NLMs (NetWare Loadable Modules) that
>run on the server.
Further, if you are loading crontab.nlm, or using any of the goodies in the toolbox nlm,
you can basically kiss control of your server goodbye...
>> The patch would be to call remote from another NCF file which is stored
>> in the SYS:SYSTEM directory. This will at least limit access to only
>> Admins. This will also prevent Inetcfg from trying to grab it. Of course
>> the real fix would be to not use Rconsole. ;)
> This is a good solution if users do have access to SYS:ETC, but if your users
>do have access to SYS:ETC then it is time to find out why.
Tyson Boellstorff CNE
