Bugtraq mailing list archives

Re: ? Trojan /usr/bin/false ?

From: Bernd.Lehle () RUS Uni-Stuttgart DE (Bernd Lehle)
Date: Tue, 13 Aug 1996 11:27:05 +0200


Replacing the default shell with /usr/bin/false (or /bin/false or
whatever) is a common simple security reccommendation.  Has anyone heard
of somebody replacing /usr/bin/false with a Trojan version to gain access
to the non-account accounts (adm, lp, bin, etc...)?


I have never heard that. But talking about true/false as login shells:
On IRIX (at least 5.3) /bin/true and /bin/false are shell scripts,
starting with #!/sbin/sh and containing nothing but "exit 0" or "exit 255".
(Besides some silly Copyright and Version Information from AT&T).
Is there a possibility that through obscure circumstances a user having
/bin/false or /bin/true as a login shell ends up with /sbin/sh ?



--

Bernd Lehle - Stuttgart University Computer Center * A supercomputer <
     Visualization / Security / Astrophysics       * is a machine    <
lehle () rus uni-stuttgart de   Tel:+49-711-685-5531  * that runs an    <
  http://www.tat.physik.uni-tuebingen.de/~lehle    * endless loop    <
 pgp? -> finger bernd () visbl rus uni-stuttgart de   * in 2 seconds    <

Current thread:

Re: ? Trojan /usr/bin/false ? Bernd Lehle (Aug 13)
- Re: ? Trojan /usr/bin/false ? Alan Cox (Aug 13)