Re: How to limit it ?
> > module and ln wont help you :)
> A quick look at it proves that they use exactly what I suggested before -
> the db passwd access, a fragment of their nsswitch.conf:
>
> # To use db, put the "db" in front of "files" for entries you want to be
> # looked up first in the databases
> #
> # Example:
> passwd: db
> #shadow: db files nisplus nis
> group: files db
>
> #passwd: files nisplus nis
> shadow: files nisplus nis
> #group: files nisplus nis
>
> #hosts: db files nisplus nis dns
> hosts: files nisplus nis dns
>
> Now, below is just a few lines with the user accounts on the server (I
> removed the real world names, to protect their identity):
>
> abcdefg:x:23361:180::/home/stillfree/abcdefg:/bin/tcsh
> aadi:x:18232:180::/home/stillfree/aadi:/bin/tcsh
> compias:x:12003:180::/home/nextfree/compias:/bin/tcsh
> wieczo76:x:5284:180::/home/free/wieczo76:/bin/tcsh
> greyman:x:540:180::/home/free/greyman:/bin/tcsh
> inferno:x:5701:180::/home/free/inferno:/bin/tcsh
>
> OK,that's enough. Their database has 11888KB, I don't have time to browse it
> all :)). Did I prove to you that your precious module is useless? Besides,
> they probably don't use it. As far as I can tell it's a standard RH 6.x
> system. Setting the /etc and /lib modes to 711 doesn't really help much.
> Again, security by obscurity is not really what security is about....
>
> > > solution for every (un)imaginable shell? You said you have no time - but you
> > > are willing to waste time IMO.
> > >
> > So what is your sollution ?
> PAM.
Ok for me EOT
Thanks all of you, specially mark :)
G.
Reply to: