RE: CVS security question
From: Greg A. Woods
Subject: RE: CVS security question
Date: Wed, 4 Feb 2004 15:32:47 -0500 (EST)
[ On Tuesday, February 3, 2004 at 12:32:42 (-0800), Rick Genter wrote: ]
> Subject: RE: CVS security question
>
> It's probably more secure to set their shell to something that does
> exist but won't function as a shell, like /dev/null or
> /bin/false.
Well it depends on how obscure you make the "fake" name, but no, that's
usually not really any more secure.
However it's a good idea to use a small binary program that simply
prints an error message, and perhaps logs the event.
Even a little shell script that doesn't ever accept any input from the
tty is secure enough:
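#! /bin/sh
# Assign a default if USER is unset or empty (":-" would only expand, not assign).
: "${USER:=UNKNOWN}"
# Log to syslog (auth.info) and echo to stderr; no input is ever read from the tty.
logger -i -s -p auth.info -t "$0" "The $USER account is currently not available from `tty`."
exit 1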
--
Greg A. Woods
+1 416 218-0098 VE3TCP RoboHack <address@hidden>
Planix, Inc. <address@hidden> Secrets of the Weird <address@hidden>
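
The "small binary program" idea from the message above, as an added C example that is not code from the original post: it prints the notice, logs it through syslog at auth.info, and never reads input. The syslog tag nologin-stub, the function name format_denial, and taking the account name from getpwuid() instead of $USER are assumptions of this example.

```c
/* Added example: a stub login shell that only reports and logs the attempt.
 * Assumptions: the syslog tag "nologin-stub" and the helper name are illustrative. */
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <syslog.h>
#include <unistd.h>

/* Build the denial message; returns 0 on success, -1 if it would not fit. */
int format_denial(char *buf, size_t len, const char *user, const char *tty)
{
    int n = snprintf(buf, len,
                     "The %s account is currently not available from %s.",
                     user ? user : "UNKNOWN", tty ? tty : "not a tty");
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

int main(void)
{
    char msg[256];
    /* Use the real UID for the name; $USER is set by the caller. */
    struct passwd *pw = getpwuid(getuid());
    const char *tty = ttyname(STDIN_FILENO);   /* NULL when stdin is not a tty */

    if (format_denial(msg, sizeof msg, pw ? pw->pw_name : NULL, tty) != 0)
        strcpy(msg, "This account is currently not available.");

    /* LOG_PERROR is not in POSIX, so the stderr copy is written explicitly. */
    openlog("nologin-stub", LOG_PID, LOG_AUTH);
    syslog(LOG_INFO, "%s", msg);
    closelog();
    fprintf(stderr, "%s\n", msg);

    return 1;   /* nothing is read from stdin and nothing is exec'd */
}
```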