[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Allow FTP in, but not shell login

On Wed, Mar 14, 2001 at 11:56:13AM -0000, Neil Grant wrote:
> 
> > /usr/bin/passwd can sometimes be usefull as shell... By the way, check
> > the bugtraq archives -- remote exploits for accounts with /bin/false as
> > shell have been seen on there.
> >
> cant seem to find any for these and as I understand it, false and true used
> to be shell scripts - but are now c programs to increase their security

I couldn't find the article I thought of myself -- maybe I read it
somewhere else. The point is that many feel a false sense of security
since they use /bin/false as shell.

Though I did find an example as good as any at:
http://www.securityfocus.com/archive/1/46449

Jörgen
Reply to: