login: no shell: /bin/bash: Permission denied

Bernard Dautrevaux Dautrevaux@microprocess.com
Thu Mar 7 01:23:00 GMT 2002


> -----Original Message-----
> From: Andrew DeFaria [mailto:Andrew@DeFaria.com]
> Sent: Wednesday, March 06, 2002 10:56 PM
> To: cygwin@cygwin.com
> Subject: Re: login: no shell: /bin/bash: Permission denied
> 

	<skipped>

> Regardless, to me it's still would be a large security hole 
> if all one 
> needs to do is:
> 
> $ echo "+" > ~/.rhosts
> 
> to be able to abuse rsh to do something under somebody else's 
> user ID is 
> it not?
> 

Note however that the "echo" above has to be done by "anotheruser"; you
can't do it. Rsh is insecure, but it at least verify that ONLY anotheruser
is able to write to its own "~/.rhosts" :-)

And if you'r e fool enough to do this, you may as well do that:

	$ echo "my password" > ~/THIS_IS_MY_PASSWORD
	$ chmod a+r ~/THIS_IS_MY_PASSWORD

:) :) :) :) 

	Bernard

--------------------------------------------
Bernard Dautrevaux
Microprocess Ingenierie
97 bis, rue de Colombes
92400 COURBEVOIE
FRANCE
Tel:	+33 (0) 1 47 68 80 80
Fax:	+33 (0) 1 47 88 97 85
e-mail:	dautrevaux@microprocess.com
		b.dautrevaux@usa.net
-------------------------------------------- 

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/



More information about the Cygwin mailing list