Re: shell of place-holder accounts (shouldn't be a valid shell)
Chris Ulrich writes:
> If a security hole in a program or a misconfigured machine allow a remote
> badguy to put a .rhosts or .ssh/authorized_keys file into the home
> directory of a 'place holder' account, that account suddenly allows the
> badguy onto the machine. Because the placeholder accounts have home
> directories all over the filesystem, almost any innocent NFS
> misconfiguration may allow this to happen.
> I think, though, that the cost of changing these account's shells to
> /bin/false is not high at all. In situations where the account is
> sometimes used for interactive logins or is accessed by su, it is
> reasonable to give that account a live shell, but this should only be
> done on an as needed basis.
Can't many of these accounts get by with no home directory? Perhaps the
prototype passwd entry for these accounts should be something like
dummy:*:999:999:::/bin/false
and the policy should say that even if the account needs a shell the home
directory field should be left empty if possible.
--
John Hasler
john@dhh.gt.org (John Hasler)
Dancing Horse Hill
Elmwood, WI
--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: