Re: .exrc file security risks
From: Rex Monty di Bona (rex_at_comsmiths.com.au)
Date: 05/04/03
- Previous message: Benjamin A. Okopnik: "Re: .exrc file security risks"
- In reply to: Darren J Moffat: "Re: .exrc file security risks"
- Next in thread: Casper ***: "Re: .exrc file security risks"
- Reply: Casper ***: "Re: .exrc file security risks"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 04 May 2003 21:32:45 +1000 To: Darren J Moffat <Darren.Moffat@Sun.COM>
Sigh! and here I was with the modified shell that trapped any command
starting with /bin/su (or just su) and gobbled up the passwords.
I think it should be a rule that you never enter the superuser password
at a public access terminal, let alone a user's shell spawned program (I
can do an X session spy on my self etc, etc, etc.)
Rex.
Darren J Moffat wrote:
> Also remember to do /bin/su -
> rather than just /bin/su (so that $EXINIT isn't passed alone).
- Previous message: Benjamin A. Okopnik: "Re: .exrc file security risks"
- In reply to: Darren J Moffat: "Re: .exrc file security risks"
- Next in thread: Casper ***: "Re: .exrc file security risks"
- Reply: Casper ***: "Re: .exrc file security risks"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
