Your Distro is Insecure: Ubuntu
Ante Karamatić
ivoks at grad.hr
Tue Apr 14 16:46:16 UTC 2009
On Tue, 14 Apr 2009 at 09:23 -0700, Kees Cook wrote:
> On Tue, Apr 14, 2009 at 06:09:39PM +0200, Ante Karamatić wrote:
> > Next are users with /bin/bash. If those users would have /bin/false,
> > they won't be able to run jobs from cron.
>
> The idea that setting a shell makes a service user vulnerable to
> exploitation is ridiculous. If a service were exploited, the attacker
> would have arbitrary code control, and could spawn whatever program they
> wanted, regardless of the configured shell.
That's correct. Anyway, my claim that a user wouldn't be able to use
cron if it has a /bin/false shell is wrong.
More information about the ubuntu-server mailing list