Gentoo Archives: gentoo-security

From: Robert Ullrich <roul76@×××.de>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] SOLUTION: Prevent users to login directly
Date: Wed, 28 Jul 2004 19:47:14
Message-Id: 20040728214230.5550d60a@springfield
In Reply to: Re: [gentoo-security] SOLUTION: Prevent users to login directly by Mike Frysinger
1 On Wed, 28 Jul 2004 14:47:44 -0400
2 Mike Frysinger <vapier@g.o> wrote:
3
4 > On Wednesday 28 July 2004 02:33 pm, Klaus Wagner wrote:
5 > > > # /emerge/.profile
6 > > > if [ "`echo " $(who) "|grep "^\ $(whoami)\ "`" != "" ]; then
7 > > > echo "Only login via 'su' permitted." >&2
8 > > > exit 1
9 > > > fi
10 > > keep in mind that if emerge user has write access to it's homedir
11 > > (which is quite normal and needed by much applikations) the emerge
12 > > user could easily change (replace) it's own .profile even if it has no
13 > > write permissions to it.
14 >
15 > yep, and you could, in theory, CTRL+C the check couldnt you ?
16
17 As long as you're quick enough... ;-)
18
19 > probably only happen on a very heavily loaded box ... but that's not something
20 > i'd bet security on ;)
21
22 Such a havily 'loaded box' (means: server) won't be administrated by that admin. Only desktop-boxes.
23
24 > -mike
25 >
26 > --
27 > gentoo-security@g.o mailing list
28 >
29
30 --
31 gentoo-security@g.o mailing list