user account without password
Net Llama!
netllama
Mon May 17 11:56:46 PDT 2004
On Thu, 11 Dec 2003, M.W. Chang wrote:
> I understand, but if I set the shell of the user to /home/ele/elebbs,
> (elebbs is a program), then the user has no chance to access a shell.
> Without a shell, they couldn't try su exploit. What I need to guarantee
> was that the program elebbs won't be overflowed to give a shell,
> possibly place it inside a chroot jail.
what is elebbs supposed to do? I'd be really surprised if your
implimentation was the best if you feel required not to set passwords.
>
> The main problem should be exposing the telnet daemon to the public if I
> am to open elebbs for public use. Root will always be denied from the
> telnet login prompt.
huh? why are you using telnet for anything? say hello to 1998 and use
ssh.
>
> > shouldn't have a password. In many cases, the first step to a root
> > exploit is getting acces to an account, and then using the exploit.
> >
>
>
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Lonni J Friedman netllama at linux-sxs.org
Linux Step-by-step & TyGeMo http://netllama.ipfox.com
More information about the Linux-users
mailing list