user account without password
M.W. Chang
mwchang
Mon May 17 11:56:45 PDT 2004
I understand, but if I set the shell of the user to /home/ele/elebbs,
(elebbs is a program), then the user has no chance to access a shell.
Without a shell, they couldn't try su exploit. What I need to guarantee
was that the program elebbs won't be overflowed to give a shell,
possibly place it inside a chroot jail.
The main problem should be exposing the telnet daemon to the public if I
am to open elebbs for public use. Root will always be denied from the
telnet login prompt.
> shouldn't have a password. In many cases, the first step to a root
> exploit is getting acces to an account, and then using the exploit.
>
--
.~. Might, Courage, Vision. In Linux We Trust.
/ v \ http://www.linux-sxs.org
/( _ )\ Linux 2.4.22-xfs
^ ^ 11:42pm up 2 days, 2:12, 1 user, load average: 1.12, 1.23, 1.26
More information about the Linux-users
mailing list