\"special\" shells a security hole?
neville at ads.arpa
neville at ads.arpa
Wed Jan 28 13:40:24 AEST 1987
i've just been trying to decide whether to password some accounts on our
system that run special programs instead of a normal shell. If a program,
e.g. a bulletin-board system, does not allow shell escapes is it relatively
secure even if it doesn't run in a chroot'd environment? i'm sure most of
you can think of the more apppriate examples that i'm reluctant to mention
here. The director of our lab leans toward the paranoid side, and is sure
that such password entries represent holes that need to be plugged. Thanks.
-neville
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
U.S. Mail: Neville D. Newman
Advanced Decision Systems
201 San Antonio Circle, Suite 286
Mountain View, CA 94040-1289
Phone: (415) 941-3912
Net mail: neville at ads.arpa (internet-relative)
More information about the Comp.unix.wizards
mailing list