Mailinglist Archive: opensuse (3236 mails)

[grtoft@xxxxxxxxx (George Toft)]

Jack Barnett wrote:
> 
> ----- Original Message -----
> From: Darren R. Weber <weberdr@xxxxxxxxxxxxx>
> To: Jack Barnett <jbarnett@xxxxxxxxxxxxxxxx>
> Cc: <suse-linux-e@xxxxxxxx>
> Sent: Wednesday, January 05, 2000 5:23 PM
> Subject: Re: [SLE] No shell in /etc/passwd
> 
> > On Wed, 05 Jan 2000, you wrote:
> > > Root has a shell define, it is the only one on the system, everyone else
> > > don't have a shell.  I know root's password, but for security reasons I
> > > disabled telnet login and .rhosts for the root account (DOH!).
> > >
> > > Jack
> >
> > This is a longshot since you probably couldn't go in as root, but
> > what about ftp?  Any way to replace the passwd file or maybe create a
> > link to your shell in the proper location?
> 
> Yep, it worked, download the password file, edit it, upload it as root.  See
> other email.

Pardon me for not contributing to the solution, but it seems to me you have
just exposed a security hole in that server.  The benefits of disabling
root telnet is offset by allowing root ftp.  MOTO.

-- 
George Toft                                  http://www.georgetoft.com

-- 
To unsubscribe send e-mail to suse-linux-e-unsubscribe@xxxxxxxx
For additional commands send e-mail to suse-linux-e-help@xxxxxxxx             
Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/