All of this has gotten me to thinking about another flaw in the way I
have things set up.  I'm preventing users from getting to a $ by running
a menu from their profile.

exec /usr/bin/menu

This works fine since the exec causes menu to become their shell
process.

But some smart user could get around this by using pscp to upload their
own .bash_profile.  Even if I fix it so I have them chroot'd on their
home would not prevent this since this file is in their home.

But changing permissions on the .bash_profile so they don't own it (and
not in their group) should take care of that problem.  They can read it
all they want, just not change it.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to