Re: noboby with a shell !!

To: debian-security@lists.debian.org
Subject: Re: noboby with a shell !!
From: "Noah L. Meyerhans" <noahm@debian.org>
Date: Wed, 26 Mar 2003 10:50:48 -0500
Message-id: <[🔎] 20030326155048.GW666@morgul.net>
Mail-followup-to: "Noah L. Meyerhans" <noahm@debian.org>, debian-security@lists.debian.org
In-reply-to: <[🔎] 20030326111158.GB2620@sven.home.hoaxter.de>
References: <[🔎] 3E81827A.4000709@ifrance.com> <[🔎] 20030326111158.GB2620@sven.home.hoaxter.de>

On Wed, Mar 26, 2003 at 12:11:58PM +0100, Sven Hoexter wrote:
> Well yes it could :) As long as the user has no valid password it's not very
> usefull. Take a look into the /etc/shadow and in the second field you'll find
> ! or * indicating that this user has a invalid password. See man 5 shadow.

That's hardly true.  If an attacker could somehow create an ssh
authorized_keys file, they could log in without a password.

noah

-- 
 _______________________________________________________
| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html

Attachment: pgpKL_Z14_arY.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: noboby with a shell !!
  - From: Sven Hoexter <sven@timegate.de>

References:
- noboby with a shell !!
  - From: Yoann <debian-yoann@ifrance.com>
- Re: noboby with a shell !!
  - From: Sven Hoexter <sven@timegate.de>

Prev by Date: Re: bind squid to interface
Next by Date: Re: Re: noboby with a shell !!
Previous by thread: Re: Re: noboby with a shell !!
Next by thread: Re: noboby with a shell !!
Index(es):
- Date
- Thread