Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!watmath!clyde!rutgers!brl-adm!adm!neville@ads.arpa
From: neville@ads.arpa
Newsgroups: comp.unix.wizards
Subject: \"special\" shells a security hole?
Message-ID: <3953@brl-adm.ARPA>
Date: Tue, 27-Jan-87 22:40:24 EST
Article-I.D.: brl-adm.3953
Posted: Tue Jan 27 22:40:24 1987
Date-Received: Thu, 29-Jan-87 03:27:31 EST
Sender: news@brl-adm.ARPA
Lines: 21

i've just been trying to decide whether to password some accounts on our
system that run special programs instead of a normal shell.  If a program,
e.g. a bulletin-board system, does not allow shell escapes is it relatively
secure even if it doesn't run in a chroot'd environment?  i'm sure most of
you can think of the more apppriate examples that i'm reluctant to mention
here.  The director of our lab leans toward the paranoid side, and is sure
that such password entries represent holes that need to be plugged.  Thanks.

							-neville




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
U.S. Mail:  Neville D. Newman
	    Advanced Decision Systems
	    201 San Antonio Circle, Suite 286
	    Mountain View, CA  94040-1289

Phone:	    (415) 941-3912
Net mail:   neville@ads.arpa	(internet-relative)