"John Blumel" <[EMAIL PROTECTED]> wrote: > I've played with this and it seems to work ok. How would you evaluate > this as a security risk?
It's not a serious risk, in my opinion. The only thing I would do is to limit where people can telnet from. You should allow telnets from your dial-up pool, and not much else. If you used ssh instead of telnet, that would be even better. > Theoretically, the worst case is that someone changes the password > that they've stolen and I have to reset it but how much should I > worry about buffer overflow or other attacks with passwd or > replacements as the shell? If 'passwd' has a buffer overflow, then people with shell accounts will be able to become root. I wouldn't worry too much. 'passwd' is one of the most closely examined programs for security risks. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
