Bugtraq mailing list archives
Re: ? Trojan /usr/bin/false ?
From: sopwith () redhat com (Elliot Lee)
Date: Thu, 25 Jul 1996 19:06:17 -0400
On Thu, 25 Jul 1996, Jeremy Brinkley wrote:
Replacing the default shell with /usr/bin/false (or /bin/false or whatever) is a common simple security reccommendation.
Not really. Most systems ship false as a shell script, which is very vulnerable to environment variable problems.
Has anyone heard of somebody replacing /usr/bin/false with a Trojan version to gain access to the non-account accounts (adm, lp, bin, etc...)?
Only if /usr/bin/false is writable by other than root, which is a Bad Idea. \\\| Elliot Lee |\\\ || "Claim to fame": \\\| Red Hat Software |\\\ || What else? \\\| <sopwith () redhat com> |\\\ || http://www.redhat.com/ \\\| Webmaster, Programmer, etc |\\\ ||
Current thread:
- bin owned system files Robert E. Adams (Jul 25)
- ? Trojan /usr/bin/false ? Jeremy Brinkley (Jul 25)
- Re: ? Trojan /usr/bin/false ? Elliot Lee (Jul 25)
- Re: bin owned system files Gene Spafford (Jul 25)
- Re: bin owned system files Colin Jenkins (Jul 26)
- Re: bin owned system files Gene Spafford (Jul 26)
- Re: bin owned system files Jungseok Roh (Jul 26)
- <Possible follow-ups>
- Re: bin owned system files William McVey (Jul 26)
- Re: bin owned system files dsiebert () icaen uiowa edu (Jul 26)
- Re: bin owned system files Bruce Barnett (Jul 26)
- ? Trojan /usr/bin/false ? Jeremy Brinkley (Jul 25)