Re: root access and dselect | ftp

To: Debian Userslist <debian-user@lists.debian.org>
Subject: Re: root access and dselect | ftp
From: Martin Bialasinski <martin@internet-treff.uni-koeln.de>
Date: 25 Feb 1998 22:47:23 +0100
Message-id: <[🔎] 871zwr9x1w.fsf@haitech.martin.home>
In-reply-to: kotsya@u.washington.edu's message of "Wed, 25 Feb 1998 11:57:26 -0800"
References: <[🔎] m0y7mxL-0001aBC@localhost>

kotsya@u.washington.edu (David Stern) writes:

> > The other way for someone to access your computer is by the programs
> > you run to access Internet services.  For example, if you select a
> > link to a Postscript file and look at it using a viewer that allows
> > file operations, it could try to append the line below to your
> > /etc/passwd:
> > 
> > carrot::0:0:/:/bin/sh
> >
> > This is a simple example of why you shouldn't browse the web (or run 
> > unknown programs) as root.  (Another reason is that if something goes
> > wrong, "rm -rf /" does less damage as a user.)
> 
> This is why I was asking about dselect | ftp, because if I'm root, and 
> I'm running ftp via dselect, then isn't this exactly what you're 
> telling me not to do?

Yes, but there is no known way to force the ftpclient to do such
things. The client doesn't accept any commands and any data it gets is,
well, data, so it is not executed, just written to disk.

Ciao,
	Martin


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to:

Follow-Ups:
- Re: root access and dselect | ftp
  - From: kotsya@u.washington.edu (David Stern)
- Re: root access and dselect | ftp
  - From: Carey Evans <c.evans@clear.net.nz>

References:
- Re: root access and dselect | ftp
  - From: kotsya@u.washington.edu (David Stern)

Prev by Date: Re: Where did /usr/tmp go?
Next by Date: Re: module configuration
Previous by thread: Re: root access and dselect | ftp
Next by thread: Re: root access and dselect | ftp
Index(es):
- Date
- Thread