*BSD News Article 63651



Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!newshost.telstra.net!asstdc.scgt.oz.au!metro!metro!munnari.OZ.AU!news.ecn.uoknor.edu!paladin.american.edu!gatech!newsfeed.internetmci.com!howland.reston.ans.net!blackbush.xlink.net!zib-berlin.de!narses.hrz.tu-chemnitz.de!irz401!uriah.heep!news
From: j@uriah.heep.sax.de (J Wunsch)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: How to permit FTP w/o giving shell access?
Date: 12 Mar 1996 23:22:48 GMT
Organization: Private BSD site, Dresden
Lines: 21
Message-ID: <4i5108$64i@uriah.heep.sax.de>
References: <4i0p0k$jtj@muenchen.photogrammetrie.de> <3144EED8.41C67EA6@freebsd.org>
Reply-To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch)
NNTP-Posting-Host: localhost.heep.sax.de
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Newsreader: knews 0.9.3

"Jordan K. Hubbard" <jkh@FreeBSD.org> writes:

> I guess you could make their shell /bin/sh and then give them a .profile
> that says:
> 
> exit 0

Now all you need to do is telnet there and dump a preloaded block
of 10000 ^C's over to the other end.

Nope, *never* use .profile or .login for anything where the user
should not be able to get out.  Always use dedicated scripts if you
can't avoid the shell (those with the #!/path/to/interpreter at the
top).

-- 
cheers, J"org

joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)
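
Added example (not part of the original post): an audit helper that reads a 7-field passwd-format file and reports accounts whose lockout depends on a `.profile` or `.login` that starts with `exit` or `logout` while the login shell is still a general-purpose shell. The shell list, the `ftponly` script path, and the sample users are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: find accounts whose lockout rests on a dotfile, i.e. the
# passwd shell is general-purpose AND ~/.profile or ~/.login starts with exit.

# Assumption: which shells count as general-purpose; adjust locally.
INTERACTIVE_SHELLS="/bin/sh /bin/csh /bin/tcsh /bin/bash /bin/ksh"

is_interactive_shell() {
    for s in $INTERACTIVE_SHELLS; do
        [ "$1" = "$s" ] && return 0
    done
    return 1
}

# Print the first line of FILE that is neither blank nor a comment.
first_command() {
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e '/^#/d' -e '/^$/d' "$1" | head -n 1
}

# audit_passwd PASSWD_FILE [ROOT]: print "user:dotfile" for each finding.
audit_passwd() {
    while IFS=: read -r user _pw _uid _gid _gecos home shell; do
        case $user in ''|\#*) continue ;; esac
        is_interactive_shell "$shell" || continue
        for f in .profile .login; do
            [ -f "${2:-}$home/$f" ] || continue
            case $(first_command "${2:-}$home/$f") in
                exit|exit\ *|logout|logout\ *) echo "$user:$f" ;;
            esac
        done
    done < "$1"
}

# Build constructed sample data under DIR (hypothetical users and paths).
make_sample() {
    mkdir -p "$1/home/ftpa" "$1/home/ftpb" "$1/home/dev"
    printf '# lock out\nexit 0\n' > "$1/home/ftpa/.profile"
    printf 'exit 0\n' > "$1/home/ftpb/.profile"
    printf 'PATH=/bin:/usr/bin\nexport PATH\n' > "$1/home/dev/.profile"
    printf '%s\n' 'ftpa:*:1001:1001:FTP A:/home/ftpa:/bin/sh' \
        'ftpb:*:1002:1002:FTP B:/home/ftpb:/usr/local/sbin/ftponly' \
        'dev:*:1003:1003:Dev:/home/dev:/bin/sh' > "$1/passwd"
}

if [ "${1:-}" = demo ]; then
    d=$(mktemp -d) && make_sample "$d" && audit_passwd "$d/passwd" "$d"
    rm -rf "$d"
fi
```

Run with the argument `demo` to see the constructed sample flagged; only `ftpa` is reported, because `ftpb` already uses a dedicated script as its shell and `dev` has an ordinary `.profile`.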