Re: scp and sftp

To: Jon McCain <jmccain@davlong.com>, debian-security@lists.debian.org
Subject: Re: scp and sftp
From: Chris Reeves <chris.reeves@iname.com>
Date: Mon, 1 Apr 2002 17:14:13 +0100
Message-id: <[🔎] 20020401171413.A2339@galaxy.reevesnet.co.uk>
In-reply-to: <[🔎] 3CA87E47.706DC842@davlong.com>; from jmccain@davlong.com on Mon, Apr 01, 2002 at 10:35:35AM -0500
References: <[🔎] 3CA87E47.706DC842@davlong.com>

On Mon, Apr 01, 2002 at 10:35:35AM -0500, Jon McCain wrote:
> All of this has gotten me to thinking about another flaw in the way I
> have things set up.  I'm preventing users from getting to a $ by running
> a menu from their profile.
> 
> exec /usr/bin/menu
> 
> This works fine since the exec causes menu to become their shell
> process.
> 
> But some smart user could get around this by using pscp to upload their
> own .bash_profile.  Even if I fix it so I have them chroot'd on their
> home would not prevent this since this file is in their home.
> 
> But changing permissions on the .bash_profile so they don't own it (and
> not in their group) should take care of that problem.  They can read it
> all they want, just not change it.

Why not change the users' shell to /usr/bin/menu? 

Bye,
	Chris
-- 
http://www.tuxedo.org/~esr/faqs/smart-questions.html
      __   _
  -o)/ /  (_)__  __ ____  __      Chris Reeves
  /\\ /__/ / _ \/ // /\ \/ /      ICQ# 22219005
 _\_v __/_/_//_/\_,_/ /_/\_\


-- 
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: scp and sftp
  - From: Jon McCain <jmccain@davlong.com>

References:
- re: scp and sftp
  - From: Jon McCain <jmccain@davlong.com>

Prev by Date: re: scp and sftp
Next by Date: Re: Debian mail server.
Previous by thread: re: scp and sftp
Next by thread: Re: scp and sftp
Index(es):
- Date
- Thread