From owner-freebsd-stable  Wed Jul 15 08:57:44 1998
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id IAA07108
          for freebsd-stable-outgoing; Wed, 15 Jul 1998 08:57:44 -0700 (PDT)
          (envelope-from owner-freebsd-stable@FreeBSD.ORG)
Received: from nexus.astro.psu.edu (nexus.astro.psu.edu [128.118.147.20])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id IAA07103
          for <freebsd-stable@FreeBSD.ORG>; Wed, 15 Jul 1998 08:57:42 -0700 (PDT)
          (envelope-from mph@astro.psu.edu)
Received: from mstar.astro.psu.edu by nexus.astro.psu.edu (4.1/Nexus-1.3)
	id AA15683; Wed, 15 Jul 98 11:55:42 EDT
Received: by mstar.astro.psu.edu (SMI-8.6/Client-1.3)
	id LAA28202; Wed, 15 Jul 1998 11:55:37 -0400
Message-Id: <19980715115537.A28115@mstar.astro.psu.edu>
Date: Wed, 15 Jul 1998 11:55:37 -0400
From: Matthew Hunt <mph@pobox.com>
To: Gerald Pfeifer <pfeifer@dbai.tuwien.ac.at>
Cc: Wes Peters <wes@softweyr.com>, tom@uniserve.com, paulo@nlink.com.br,
        jer@jorsm.com, freebsd-stable@FreeBSD.ORG
Subject: Re: Finger and getpwent
Mail-Followup-To: Gerald Pfeifer <pfeifer@dbai.tuwien.ac.at>,
	Wes Peters <wes@softweyr.com>, tom@uniserve.com, paulo@nlink.com.br,
	jer@jorsm.com, freebsd-stable@FreeBSD.ORG
References: <19980715101943.A27075@mstar.astro.psu.edu> <Pine.GSO.4.00.9807151703420.16276-100000@markab.dbai.tuwien.ac.at>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.91.1i
In-Reply-To: <Pine.GSO.4.00.9807151703420.16276-100000@markab.dbai.tuwien.ac.at>; from Gerald Pfeifer on Wed, Jul 15, 1998 at 05:06:16PM +0200
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Wed, Jul 15, 1998 at 05:06:16PM +0200, Gerald Pfeifer wrote:

> In principle you could set the shell to /usr/bin/yes (or any dummy shell)
> and add that to /etc/shells.

But then you are allowing FTP access, which you don't usually want to
do.  Depending on the particulars of your machine, the users could
run arbitrary commands using .forward.

I've always been under the impression that shell and FTP checking
/etc/shells and mail services *not* doing so was a deliberate
design decision, not an oversight.

-- 
Matthew Hunt <mph@pobox.com> * Stay close to the Vorlon.
http://www.pobox.com/~mph/pgp.key for PGP public key 0x67203349.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message