Re: off topic: password strategy as an ISP
On Sat, Jul 05, 1997 at 07:44:02AM +1000, John Foster wrote:
> On Fri, 4 Jul 1997 Martin.Bialasinski@uni-koeln.de wrote:
> >
> > #!/bin/sh
> > cat <<__EOF__
> > No telnet login allowed.
> >
> > ** Insert the motd here **
> >
> > __EOF__
> > sleep 5
> > exit 0
> >
>
> And if the remote user managed to interrupt it would they get
> /bin/sh?, with EUID 0?
>
> And what if the sleep call was suspended?
>
> I don't think a shell script could ever be a secure shell...
If they interrupted the script, the interpreter (/bin/sh) would
exit, and so there'd be nothing left running. And it wouldn't be root
anyway -- setuid scripts are not allowed (by the kernel) because
they are prone to security problems.
hamish
--
Hamish Moffatt, StudIEAust moffatt@yallara.cs.rmit.edu.au
Student, computer science & computer systems engineering. 3rd year, RMIT.
http://hamish.home.ml.org/ (PGP key here) CPOM: [***** ] 50%
The opposite of a profound truth may well be another profound truth. --Bohr
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: