Date: Wed, 15 Jul 1998 13:06:30 -0400 From: Matthew Hunt <mph@pobox.com> To: Allen Smith <easmith@beatrice.rutgers.edu>, Gerald Pfeifer <pfeifer@dbai.tuwien.ac.at> Cc: Wes Peters <wes@softweyr.com>, tom@uniserve.com, paulo@nlink.com.br, jer@jorsm.com, freebsd-stable@FreeBSD.ORG Subject: Re: Finger and getpwent Message-ID: <19980715130630.A28943@mstar.astro.psu.edu> In-Reply-To: <9807151218.ZM26549@beatrice.rutgers.edu>; from Allen Smith on Wed, Jul 15, 1998 at 12:18:50PM -0400 References: <19980715101943.A27075@mstar.astro.psu.edu> <Pine.GSO.4.00.9807151703420.16276-100000@markab.dbai.tuwien.ac.at> <19980715115537.A28115@mstar.astro.psu.edu> <mph@pobox.com> <9807151218.ZM26549@beatrice.rutgers.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Jul 15, 1998 at 12:18:50PM -0400, Allen Smith wrote: > > But then you are allowing FTP access, which you don't usually want to > > do. Depending on the particulars of your machine, the users could > > run arbitrary commands using .forward. > > I'd point out sendmail's smrsh. Hence "Depending on the particulars of your machine". After all these years, though, I still think it's reasonable to expect invalid shells to prohibit shell and ftp, while not affecting POP, which is the crux of the issue. I think changing it now violates POLA. I also note that my keyboard has a bothersome property of lowercasing the letter "O" when in between other capital letters, which is causing me to type "POP" and "POLA" twice whenever they occur. :-) -- Matthew Hunt <mph@pobox.com> * Stay close to the Vorlon. http://www.pobox.com/~mph/pgp.key for PGP public key 0x67203349. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19980715130630.A28943>