RE: User's and Shells
From: Golden_Eternity (bhodi_jabir@yahoo.com)
Date: 12/20/02
From: "Golden_Eternity" <bhodi_jabir@yahoo.com>
To: "'Philipp Schulte'" <pschulte@uni-duisburg.de>, <focus-linux@securityfocus.com>
Date: Fri, 20 Dec 2002 14:04:30 -0800
> I don't know why RH does this. But having a valid shell in /etc/passwd
> is not sufficient for an attacker. The account also must have a valid
> password in /etc/shadow (or wherever your OS keeps them). Usually the
> role-accounts look somewhat like this:
<snip>
> The "*" or some other symbol like "!" means that this is not a valid
> password and so nobody can enter a correct password for this account.
> Phil
In July 2001, there was an ssh issue that affected user accounts with !!
in their password field. This issue wouldn't have been quite as big a
risk for Red Hat systems if they had set the shells for these accounts
to be /bin/false or something similar.
So, this isn't an issue in and of itself, but by changing the shells, we
could help mitigate the effect of other potential security issues.
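
The check discussed in this message, as an added example that is not part of the original post: it lists accounts whose /etc/shadow password field is locked ("*", "!" or "!!") but whose /etc/passwd shell is still a login shell. The account names, the sample file contents and the NOLOGIN_SHELLS list are constructed assumptions.

```python
# Added example: audit for accounts that are password-locked but still have
# a login shell. The sample data is constructed, not taken from a real host.
NOLOGIN_SHELLS = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}  # assumed list

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/bin/sh
daemon:x:2:2:daemon:/sbin:/bin/false
rpm:x:37:37::/var/lib/rpm:/bin/bash
alice:x:500:500:Alice:/home/alice:/bin/bash
"""

SAMPLE_SHADOW = """\
root:$1$constructed$hashhashhashhashhashha:11900:0:99999:7:::
bin:*:11900:0:99999:7:::
daemon:*:11900:0:99999:7:::
rpm:!!:11900:0:99999:7:::
alice:$1$constructed$hashhashhashhashhashha:11900:0:99999:7:::
"""

def parse(text, nfields):
    """Yield colon-split records, skipping comments and malformed lines."""
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= nfields and not line.startswith("#"):
            yield fields

def is_locked(pw_field):
    """True when the field starts with '*' or '!', so no typed password matches."""
    return pw_field.startswith(("*", "!"))

def locked_with_shell(passwd_text, shadow_text):
    """Return [(user, shell, pw_field)] for locked accounts with a login shell."""
    shadow = {f[0]: f[1] for f in parse(shadow_text, 2)}
    findings = []
    for f in parse(passwd_text, 7):
        user, shell, pw = f[0], f[6], shadow.get(f[0])
        # An empty shell field defaults to /bin/sh, so it is reported too.
        if pw is not None and is_locked(pw) and shell not in NOLOGIN_SHELLS:
            findings.append((user, shell, pw))
    return findings

if __name__ == "__main__":
    for user, shell, pw in locked_with_shell(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(f"{user}: password field {pw!r} is locked but shell is {shell}")
```

On a real system the two arguments would be the contents of /etc/passwd and /etc/shadow, read as root.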