Date:      Sun, 25 Jun 2000 14:42:32 +0300
From:      Giorgos Keramidas <keramida@ceid.upatras.gr>
To:        phrack_ p h r a c k <phrack_@hotmail.com>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: BitchX Dangerous?
Message-ID:  <20000625144232.A3337@hades.hell.gr>
In-Reply-To: <20000625043023.1354.qmail@hotmail.com>; from phrack_@hotmail.com on Sun, Jun 25, 2000 at 04:30:23AM +0000
References:  <20000625043023.1354.qmail@hotmail.com>

[ freebsd-newbies removed from recipients, cross posting is not good :) ]

On Sun, Jun 25, 2000 at 04:30:23AM +0000, phrack_ p h r a c k wrote:
> I was recently informed that there was a way for a user to type a
> command(s) in BitchX and get a command line,

I do not know about a command line, but most IRC clients that I know of
(epic, BitchX, etc) have the /exec command, which can be used to execute
arbitrary commands on the host that the client is running on.
I customarily use this command in aliases such as:

	/alias dns exec /usr/bin/host $0-

But I am not sure if this can be used to gain access to a shell prompt.

> I have a user acct on my box that defaults to BitchX when this user
> ssh's in. If I only want that user to use BitchX but am afraid that
> user knows far more than I and don't want to take the chance of
> something like that happening, does anyone know where I could read up
> more on this and how to prevent it?

Having BitchX as their login shell does not prevent users from executing
commands on your machine.  Apart from having them run in a chrooted
environment, which is probably too much trouble and does not solve the
problem, I can't think of anything else except for:

a) Making the machine fairly secure with its user-limits and quotas
   enabled.
b) Giving to anyone you wish, a normal shell, without any special
   privileges.

-- 
Giorgos Keramidas, < keramida @ ceid . upatras . gr >
For my public key: finger keramida@ceid.upatras.gr
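
The reply above notes that a client with /exec set as a login shell still lets the account run commands. An added example, not part of the original message: a shell function that reads passwd(5)-format lines and flags accounts whose login shell is one of the clients the message names. The sample accounts and paths are constructed.

```shell
#!/bin/sh
# Added example: flag accounts whose login shell is an IRC client that the
# message says has /exec, so the "shell" is not actually a restriction.

# Constructed sample in passwd(5) format: name:pw:uid:gid:gecos:home:shell
SAMPLE_PASSWD='root:*:0:0:Charlie &:/root:/bin/csh
ircuser:*:1001:1001:IRC only:/home/ircuser:/usr/local/bin/BitchX
chat2:*:1002:1002:IRC only:/home/chat2:/usr/local/bin/epic
alice:*:1003:1003:Alice:/home/alice:/bin/sh
nobody:*:65534:65534:Unprivileged:/nonexistent:/usr/sbin/nologin'

# Clients named in the message; compared case-insensitively on the basename.
EXEC_CAPABLE='bitchx epic'

# audit_shells: read passwd-format lines on stdin and print "user shell"
# for each account whose shell basename is listed in EXEC_CAPABLE.
audit_shells() {
    awk -F: -v list="$EXEC_CAPABLE" '
        BEGIN {
            n = split(list, names, " ")
            for (i = 1; i <= n; i++) flagged[names[i]] = 1
        }
        /^#/ || NF < 7 { next }       # skip comments and malformed lines
        {
            base = $7
            sub(/.*\//, "", base)     # strip the directory part
            key = tolower(base)
            if (key in flagged) print $1, $7
        }'
}

# Run on the constructed sample; on a real host: audit_shells < /etc/passwd
printf '%s\n' "$SAMPLE_PASSWD" | audit_shells
```

Accounts it reports are the ones to cover with the user limits and quotas suggested in (a), since they can run commands like any shell user.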
