Date:      Wed, 23 Jan 2002 04:01:14 -0800
From:      "Crist J . Clark" <cjc@FreeBSD.ORG>
To:        parv <parv_@yahoo.com>
Cc:        Cliff Sarginson <cliff@raggedclown.net>, f-q <freebsd-questions@FreeBSD.ORG>
Subject:   Re: is /usr/bin/passwd advisable as a login shell for ftp only users?
Message-ID:  <20020123040114.H83184@blossom.cjclark.org>
In-Reply-To: <20020123061342.GA92756@moo.holy.cow>; from parv_@yahoo.com on Wed, Jan 23, 2002 at 01:13:42AM -0500
References:  <20020123035805.GA92721@moo.holy.cow> <20020123041706.GH1345@raggedclown.net> <20020123061342.GA92756@moo.holy.cow>

On Wed, Jan 23, 2002 at 01:13:42AM -0500, parv wrote:

[snip]

> I didn't think of the "suid" bit, but was well aware that passwd has
> access to the passwd database.

Actually, that's not the big security risk. The primary risk is that
you give the world pretty much open access to try to brute force the
password with a dictionary attack and no alarms will go off.
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org
