Date:      Fri, 4 Dec 1998 13:38:50 -0800 (PST)
From:      Keyser Soze <mkultra@dqc.org>
To:        mike grommet <mgrommet@insolwwb.net>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: Advice on sendmail / execution of programs through .forward
Message-ID:  <Pine.NEB.4.05.9812041338100.6051-100000@dqc.org>
In-Reply-To: <Pine.NEB.4.05.9812041327240.7918-100000@dqc.org>

Also, you could change the perms on the xterm binary to not allow
execution, for a very quick solution.

On Fri, 4 Dec 1998, Keyser Soze wrote:

> You can block access to port 6000 out (if you have a firewall). This will
> prevent the xterm from writing to X servers outside your firewall.
> 
> 
> On Fri, 4 Dec 1998, mike grommet wrote:
> 
> > Hi guys, I need some advice...
> > 
> > I block off shell access to my primary server...
> > however one of my users pulled a sneaky one.
> > 
> > He executed an xterm shell from his .forward and had it connect to his X
> > server on his personal PC... pretty slick actually, I have to give him that.
> > I never even considered it.
> > 
> > Well, naturally I am a bit concerned about this...
> > this particular user is quite benevolent, but what about next time?
> > 
> > I mean, it seems quite possible for a user to upload some sort of exploit
> > and an appropriate .forward via ftp, send mail to himself and WHAM. Life
> > gets real bad.
> > 
> > Now, it's quite convenient to be able to run programs from .forward, procmail
> > comes to mind immediately...
> > 
> > So what do you guys suggest to fix this problem the right way?
> > 
> > Mike Grommet
> > Unix Systems Administrator
> > Internet Solutions, Inc.
> > mgrommet@insolwwb.net
> > 
> > 
> > 
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-questions" in the body of the message



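An added example, not part of the original thread: a POSIX shell audit that lists every program users' .forward files pipe mail to, flags any that are not on an allowlist, and checks for the execute bit the reply above suggests removing from xterm. The function names, the allowlist file and the sample paths are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; function names, allowlist file and sample paths are assumptions.

# Print the program named by each "|command" entry in one .forward file.
# Entries are separated by newlines or commas and may be double-quoted.
# Shell constructs come out as-is and fail the allowlist match below.
forward_programs() {
    tr ',' '\n' < "$1" |
    sed -e 's/^[[:space:]]*//' -e 's/^"//' -e 's/"[[:space:]]*$//' \
        -e '/^|/!d' -e 's/^|[[:space:]]*//' \
        -e 's/^exec[[:space:]]\{1,\}//' |
    awk 'NF { print $1 }'
}

# Report "<OK|REVIEW> <user> <program>" for every HOME_ROOT/*/.forward.
# ALLOWLIST is a file with one permitted absolute path per line.
audit_forwards() {
    home_root=$1 allowlist=$2
    for f in "$home_root"/*/.forward; do
        [ -f "$f" ] || continue
        user=$(basename "$(dirname "$f")")
        forward_programs "$f" | while IFS= read -r prog; do
            if grep -qxF -- "$prog" "$allowlist"; then
                echo "OK $user $prog"
            else
                echo "REVIEW $user $prog"
            fi
        done
    done
}

# True if "other" users may execute PATH, i.e. the execute bit the
# reply above suggests removing from the xterm binary is still set.
other_can_exec() {
    [ -n "$(find "$1" -prune -perm -001 -print 2>/dev/null)" ]
}

# Constructed sample data: alice runs procmail, bob launches an xterm.
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/home/alice" "$root/home/bob"
    printf '%s\n' '"|/usr/local/bin/procmail"' > "$root/home/alice/.forward"
    printf '%s\n' 'bob@example.org, "|/usr/X11R6/bin/xterm"' > "$root/home/bob/.forward"
    printf '%s\n' /usr/local/bin/procmail > "$root/allow"
    audit_forwards "$root/home" "$root/allow"
    rm -rf "$root"
}
demo
```

REVIEW lines mark entries for manual inspection; on the constructed data only bob's xterm entry is flagged.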