From: Peter Pentchev (roamorbitel.bg)
Date: Tue Mar 06 2001 - 01:24:20 CST

    On Tue, Mar 06, 2001 at 03:59:52AM +0100, Dag-Erling Smorgrav wrote:
    > Adam <bsdxlooksharp.net> writes:
    > > What happens if they have a valid ftp account, login, and run !sh ?
    >
    > They get a shell on the box they're FTPing from.

    ..which happens to be the box they logged in *to*, since /usr/bin/ftp
    is effectively their login shell. Yes, that's bad.

    G'luck,
    Peter

    -- 
    I've heard that this sentence is a rumor.
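
An added example, not part of the original thread: a small audit that flags accounts whose login shell is an interactive program with a shell escape, the situation described above for /usr/bin/ftp. The list of escape-capable programs and the sample passwd data are assumptions constructed for this example.

```python
import posixpath

# Interactive programs with a "!"-style shell escape. Used as a login shell,
# any of them hands the user a real shell. Assumed list for this example.
ESCAPE_CAPABLE = {"ftp", "vi", "ex", "more", "less", "mail"}


def parse_accounts(text):
    """Yield (user, shell) from passwd (7 fields) or master.passwd (10 fields) text."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) not in (7, 10):
            continue  # malformed entry, skip it
        # The shell is the last field in both formats; empty means /bin/sh.
        yield fields[0], fields[-1] or "/bin/sh"


def escape_capable_logins(text):
    """Return [(user, shell)] for accounts whose login shell allows a shell escape."""
    return [(user, shell) for user, shell in parse_accounts(text)
            if posixpath.basename(shell) in ESCAPE_CAPABLE]


# Constructed sample data, not taken from any real system.
SAMPLE = """\
# constructed sample
root:*:0:0:Charlie &:/root:/bin/csh
ftponly:*:1001:1001:FTP-only user:/home/ftponly:/usr/bin/ftp
reader:*:1002:1002:Pager account:/home/reader:/usr/bin/less
blank:*:1003:1003:No shell set:/home/blank:
locked:*:1004:1004:Disabled:/nonexistent:/sbin/nologin
editor:*:1005:1005::0:0:Master format:/home/editor:/usr/bin/vi
"""

if __name__ == "__main__":
    for user, shell in escape_capable_logins(SAMPLE):
        print(f"{user}: login shell {shell} allows a shell escape")
```

To audit a live system, pass the contents of /etc/passwd to `escape_capable_logins` instead of `SAMPLE`.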
    
