Re: login_conf vulnerability.
From: Rob Andrews (rob@cyberpunkz.org)
Date: 09/21/01
- Next message: Peter Pentchev: "Re: login_conf vulnerability."
- Previous message: Peter Pentchev: "Re: login_conf vulnerability."
- In reply to: Peter Pentchev: "Re: login_conf vulnerability."
- Next in thread: Peter Pentchev: "Re: login_conf vulnerability."
- Reply: Peter Pentchev: "Re: login_conf vulnerability."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 21 Sep 2001 07:55:40 -0500 From: Rob Andrews <rob@cyberpunkz.org> To: Peter Pentchev <roam@ringlet.net>
On Fri, Sep 21, 2001 at 03:48:34PM +0300, Peter Pentchev wrote:
> Correct me if I'm wrong, but IMHO this will only stop cluebies who do
> not take the time to look and see just *why* the 'default' override
> does not work. What happens when they change their .login.conf file
> and override the 'standard' login class instead?
Users cannot change their login class on the system with .login.conf,
they can only affect certain things such as path statements and such.
Try it yourself and see.. :)
-- Rob Andrews Administrator Cyberpunk Alliance http://www.cyberpunkz.org/ Minneapolis, MN
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
- application/pgp-signature attachment: stored
- Next message: Peter Pentchev: "Re: login_conf vulnerability."
- Previous message: Peter Pentchev: "Re: login_conf vulnerability."
- In reply to: Peter Pentchev: "Re: login_conf vulnerability."
- Next in thread: Peter Pentchev: "Re: login_conf vulnerability."
- Reply: Peter Pentchev: "Re: login_conf vulnerability."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
