Re: off topic: password strategy as an ISP

To: Debian Users <debian-user@lists.debian.org>
Subject: Re: off topic: password strategy as an ISP
From: Pavel Galynin <pgalynin@chipnet.cz>
Date: Thu, 03 Jul 1997 02:16:26 +0200
Message-id: <[🔎] 33BAEF5A.1DE1502A@chipnet.cz>
References: <[🔎] Pine.LNX.3.96.970704144153.569G-100000@dino.nus.de>

hello,

Nils Rennebarth wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> On Thu, 3 Jul 1997, Pavel Galynin wrote:
> >> attempts to telnet from the one source, but as we've disabled shell
> >> access for dial-in clients it'll just give them motd if they do get in
> >> that way!
> >
> >i'm not at all knowledgeable in linux, but chsh changes a default shell
> >of the user in /etc/passwd. (at least on sunOS)
> Yes, but how do you run it without getting a shell login in the first
> place?

some admins suid cgi scripts, like phf, php, jj and glimpse (the latest
victim). all those buffer overflows in suid shell scripts, uid:0
daemons, etc. enough? ;))

paul


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to:

References:
- Re: off topic: password strategy as an ISP
  - From: Nils Rennebarth <nils@nus.de>

Prev by Date: Re: octave
Next by Date: Re: mc problem
Previous by thread: Re: off topic: password strategy as an ISP
Next by thread: Re: off topic: password strategy as an ISP
Index(es):
- Date
- Thread