Re: BIG NetScape Bug!!!!!!!!!!!!!!!!1 (fwd)

To: debian-user@lists.debian.org
Subject: Re: BIG NetScape Bug!!!!!!!!!!!!!!!!1 (fwd)
From: Behan Webster <behanw@verisim.com>
Date: Fri, 20 Jun 1997 13:08:47 -0400
Message-id: <[🔎] 33AAB91F.7E331EBC@verisim.com>
References: <[🔎] 9706201656.AA12078@pv3439.vincent.iastate.edu>

Rick Hawkins wrote:
> 
> > already knows the names of these files.  On a Debian 1.3 machine,
> > which uses shadow passwords, essentially the only thing that would be
> > of use for people would be files in your home directory.  And since
> > there are no predictable patterns for these files, it would be
> > difficult to construct a web page that would cause serious harm.
> 
> what about .login or .cshrc?  these seem like prime candidates for
> mischief?

How about ~/.ssh/identity?

Of course security minded people will require a password to
decrypt their personal ssh identity...

And as far as ssh falling back to .rhosts or rlogin, sshd can be
(and should be IMHO) configured to do neither.

Behan

-- 
Behan Webster     mailto:behanw@verisim.com
+1-613-224-7547   http://www.verisim.com/


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to:

References:
- Re: BIG NetScape Bug!!!!!!!!!!!!!!!!1 (fwd)
  - From: Rick Hawkins <rhawkins@iastate.edu>

Prev by Date: Re: striping, etc.
Next by Date: Re: striping, etc.
Previous by thread: Re: BIG NetScape Bug!!!!!!!!!!!!!!!!1 (fwd)
Next by thread: Re: BIG NetScape Bug!!!!!!!!!!!!!!!!1 (fwd)
Index(es):
- Date
- Thread