Date: Fri, 4 Dec 1998 14:06:35 -0600 From: mike grommet <mgrommet@insolwwb.net> To: <freebsd-questions@FreeBSD.ORG> Subject: Advice on sendmail / execution of programs through .forward Message-ID: <A199D70FC96DD211AD1000609767926103598F@ISIMAIL>
next in thread | raw e-mail | index | archive | help
Hi guys, I need some advice... I block off shell access to my primary server... however one of my users pulled a sneaky one. He executed a xterm shell from his .forward and had it connect to his X server on his personal PC... pretty slick actually, I have to give him that. I never even considered it. Well, naturally I am a bit concerned about this... this particular user is quite benevolent, but what about next time? I mean, it seems quite possible for a user to upload some sort of exploit and an appropriate .forward via ftp, send mail to himself and WHAM. Life gets real bad. Now, its quite convenient to be able to run programs from .forward, procmail comes to mind immediately... So what do you guys suggest to fix this problem the right way? Mike Grommet Unix Systems Adminstrator Internet Solutions, Inc. mgrommet@insolwwb.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?A199D70FC96DD211AD1000609767926103598F>