Re: noboby with a shell !!

To: debian-security@lists.debian.org
Subject: Re: noboby with a shell !!
From: francois@tourde.org (François TOURDE)
Date: 26 Mar 2003 15:58:27 +0100
Message-id: <[🔎] 874r5qkwdo.fsf@tourde.org>
Reply-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 3E81AA6A.9060701@ifrance.com>
References: <[🔎] 3E81827A.4000709@ifrance.com> <[🔎] 20030326111158.GB2620@sven.home.hoaxter.de> <[🔎] 3E81AA6A.9060701@ifrance.com>

Yoann <debian-yoann@ifrance.com> writes:

> there is an * in /etc/shadow for nobody, but all services (ftp, web...)
> are running with the uid nobody so if there is an attack on an unknow
> bug (I keep up to date all services) on those services (buffer overflow
> for example),  It's will be unsercure.. .

It will be unsecure even if the shell field is filled with garbage...

1) The buffer overflow kind of attack is to launch a program from
within another, a shell for example.

2) The shell shield (more easy to write than to tell) is used by:

- /bin/login to launch a shell, or a pppd in some case
- /*/ftpd to allow (/bin/true) or disallow (/bin/false) ftp access
- probably lot of others programs.

HTH.

-- 
Reality always seems harsher in the early morning.
-- 
François TOURDE - tourde.org - 23 rue Bernard GANTE - 93250 VILLEMOMBLE
Tél: 01 49 35 96 69 - Mob: 06 81 01 81 80
eMail: mailto:francois@tourde.org - URL: http://francois.tourde.org/

Reply to:

References:
- noboby with a shell !!
  - From: Yoann <debian-yoann@ifrance.com>
- Re: noboby with a shell !!
  - From: Sven Hoexter <sven@timegate.de>
- Re: noboby with a shell !!
  - From: Yoann <debian-yoann@ifrance.com>

Prev by Date: bind squid to interface
Next by Date: Re: bind squid to interface
Previous by thread: Re: noboby with a shell !!
Next by thread: Re: Re: noboby with a shell !!
Index(es):
- Date
- Thread