Date: Thu, 16 Nov 2000 04:21:34 -0500 From: "Will Mitayai Keeso Rowe" <mit@mitayai.net> To: "Rossen Raykov" <rraykov@sageian.com>, <kris@FreeBSD.ORG> Cc: <security@FreeBSD.ORG> Subject: RE: Shell acces with not specified shell in /etc/shells (Re: problem using sysinstall) Message-ID: <NEBBIEGPMLMKDBMMICFNIEDLDIAA.mit@mitayai.net> In-Reply-To: <010701c04f51$8d2659e0$4c00000a@sage>
next in thread | previous in thread | raw e-mail | index | archive | help
does ssh check /etc/shells ? -----Original Message----- From: owner-freebsd-security@FreeBSD.ORG [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Rossen Raykov Sent: Wednesday, November 15, 2000 5:15 PM To: kris@FreeBSD.ORG Cc: security@FreeBSD.ORG Subject: Shell acces with not specified shell in /etc/shells (Re: problem using sysinstall) Initially the /etc/shells file contains an empty line (between the comments and the first shell). I tough that this is the reason why login is granted on a person without shell in /etc/passwd. But I ware wrong! I removed this line from /etc/shells and even after that I was able to gain root command prompt after a valid password. The shell is /bin/sh Don't this violate the idea of /etc/shells? Regards, Rossen ----- Original Message ----- From: <kris@FreeBSD.ORG> To: <rraykov@sageian.com> Cc: <kris@FreeBSD.ORG>; <security@FreeBSD.ORG> Sent: Wednesday, November 15, 2000 4:53 PM Subject: Re: problem using sysinstall To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?NEBBIEGPMLMKDBMMICFNIEDLDIAA.mit>