[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: CVS security question

From: Greg A. Woods
Subject: RE: CVS security question
Date: Wed, 4 Feb 2004 15:32:47 -0500 (EST)

[ On Tuesday, February 3, 2004 at 12:32:42 (-0800), Rick Genter wrote: ]
> Subject: RE: CVS security question
> It's probably more secure to set their shell to something that does
> exist but won't function as a shell, like /dev/null or
> /bin/false.

Well it depends on how obscure you make the "fake" name, but no, that's
usually not really any more secure.

However it's a good idea to use a small binary program that simply
prints an error message, and perhaps logs the event.

Even a little shell script that doesn't ever accept any input from the
tty is secure enough:

        #! /bin/sh
        : ${USER:-UNKNOWN}
        logger -i -s -p -t $0 "The $USER account is currently not 
available from `tty`."
        exit 1

                                                Greg A. Woods

+1 416 218-0098                  VE3TCP            RoboHack <address@hidden>
Planix, Inc. <address@hidden>          Secrets of the Weird <address@hidden>

reply via email to

[Prev in Thread] Current Thread [Next in Thread]