[3014] in bugtraq
Re: ? Trojan /usr/bin/false ?
daemon@ATHENA.MIT.EDU (Elliot Lee)
Thu Jul 25 20:01:38 1996
Date: Thu, 25 Jul 1996 19:06:17 -0400
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Elliot Lee <sopwith@redhat.com>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: <Pine.BSF.3.91.960725151216.3449A-100000@idiom.com>
On Thu, 25 Jul 1996, Jeremy Brinkley wrote:
> Replacing the default shell with /usr/bin/false (or /bin/false or
> whatever) is a common simple security reccommendation.
Not really. Most systems ship false as a shell script, which is very
vulnerable to environment variable problems.
> Has anyone heard
> of somebody replacing /usr/bin/false with a Trojan version to gain access
> to the non-account accounts (adm, lp, bin, etc...)?
Only if /usr/bin/false is writable by other than root, which is a Bad
Idea.
\\\| Elliot Lee |\\\ || "Claim to fame":
\\\| Red Hat Software |\\\ || What else?
\\\| <sopwith@redhat.com> |\\\ || http://www.redhat.com/
\\\| Webmaster, Programmer, etc |\\\ ||
