Date:      Thu, 8 Nov 2001 21:14:04 +0100
From:      "Anthony Atkielski" <anthony@atkielski.com>
To:        "Kutulu" <kutulu@kutulu.org>, <freebsd-questions@FreeBSD.ORG>
Subject:   Re: Re[2]: Tiny starter configuration for FreeBSD
Message-ID:  <00a101c16891$ee108050$0a00000a@atkielski.com>
References:  <15330.6606.417524.41024@guru.mired.org><002b01c1635f$5a5f4300$0a00000a@atkielski.com> <15330.14419.809266.281360@guru.mired.org> <007e01c1636e$97016d10$0a00000a@atkielski.com> <20011108021537.E79276@hades.hell.gr> <002801c1682c$818807b0$0a00000a@atkielski.com> <20011108102356.B10218@pr0n.kutulu.org>

Can telnet be secured for guest accounts by specifying a shell that really isn't
a shell, e.g., a custom-written program that provides no shell-like command
access?

----- Original Message -----
From: "Kutulu" <kutulu@kutulu.org>
To: "Anthony Atkielski" <anthony@atkielski.com>
Cc: "Giorgos Keramidas" <charon@labs.gr>; <freebsd-questions@FreeBSD.ORG>
Sent: Thursday, November 08, 2001 16:23
Subject: Re: Re[2]: Tiny starter configuration for FreeBSD


> On Thu, Nov 08, 2001 at 09:08:08AM +0100, Anthony Atkielski wrote:
> > Giorgos writes:
> >
> > > I let people login as normal users on my workstation
> > > from places like New Zealand, Australia or Canada ...
> >
> > Via telnet or SSH?
> >
> > Is there any danger in allowing telnet login of unprivileged users on a
> > system, apart from the possibility of compromise of the user's own account?
> > That is,
>
> There is a danger in letting *any* users log into a system.  There are
> typically many more ways to exploit programs if you have a local account and
> can execute commands, than if you were limited to what packets could get past
> the various levels of router/firewall/closed sockets that can drop remote
> traffic.
>
> It's also unfortunately the case that, quite often, admins
> tend to lag behind in fixing 'local exploit' problems because they tend not to
> trigger things like IDS or firewall systems, and don't get as much 'peer
> press' as remote exploits.
>
> This doesn't mean not to allow anyone on your machine ever, but it is a good
> argument against letting "everyone" on your machine, as in your anonymous
> guest account.  And, of course, it means you will have to be that much more
> secure and vigilant with your system.
>
>
> --K
>
>

