Re: Compromise of the nobody account?
- From: nmm1@xxxxxxxxxxxxx (Nick Maclaren)
- Date: 29 Jan 2008 09:39:55 GMT
In article <hbxnj.31020$yQ1.9177@edtnps89>,
Unruh <unruh-spam@xxxxxxxxxxxxxx> writes:
|>
|> >|> My "su" has a "-m" option that allow root to change to an account with
|> >|> an invalid (or exit immediatly) shell.
|>
|> >One can argue for hours about whether it should do nothing (/bin/true),
|> >flag failure (/bin/false), be non-executable (/dev/null), not exist
|> >or execute "kill -9 0". All have their points.
|>
|> Has anyone ever suggested the last options?
Well, didn't I just do just that? :-)
More seriously, which ones are you asking about? /dev/null and
non-existent files, yes. I tend to favour the former, and have
seen the latter - in particular, they block access via some forms
of FTP, which check the accessibility and executability of the
login shell. I believe that there are some client side programs
that behave similarly.
"kill -9 0" I have not seen, but can think of reasons why it could
be useful. I doubt that they outweigh its disadvantages, though.
Regards,
Nick Maclaren.
.
- References:
- Compromise of the nobody account?
- From: mike3
- Re: Compromise of the nobody account?
- From: Moe Trin
- Re: Compromise of the nobody account?
- From: Unruh
- Re: Compromise of the nobody account?
- From: mike3
- Re: Compromise of the nobody account?
- From: Unruh
- Re: Compromise of the nobody account?
- From: mike3
- Re: Compromise of the nobody account?
- From: Unruh
- Re: Compromise of the nobody account?
- From: Hugo Villeneuve
- Re: Compromise of the nobody account?
- From: Nick Maclaren
- Re: Compromise of the nobody account?
- From: Unruh
- Compromise of the nobody account?
- Prev by Date: Re: Compromise of the nobody account?
- Next by Date: Re: Compromise of the nobody account?
- Previous by thread: Re: Compromise of the nobody account?
- Next by thread: Re: Compromise of the nobody account?
- Index(es):
Relevant Pages
|
|
