[Bug 456182] Review Request: rssh - Restricted shell for use with OpenSSH, allowing only scp and/or sftp
bugzilla at redhat.com
bugzilla at redhat.com
Tue Oct 28 18:35:49 UTC 2008
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=456182
--- Comment #18 from Derek Martin <code at pizzashack.org> 2008-10-28 14:35:48 EDT ---
Some additional examples of badness that can occur if rssh is listed in
/etc/shells:
A malicious user could walk up to someone's terminal while they are away (or
even not looking), quickly run chsh (setting it to rssh), and log the user out,
effectively denying them login access to the machine.
GDM will populate the user browser with an entry for that user, despite the
fact that they will be unable to log in.
Sendmail may allow users to execute arbitrary programs via .forward if their
shell is rssh and it is listed in /etc/shells.
getusershell() will return incorrect information about which shells are valid
login shells.
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
More information about the package-review
mailing list