On Tue, 4 Oct 2005, Andrew McNabb wrote:
On Tue, Oct 04, 2005 at 03:05:00PM -0600, Ross Werner wrote:
Does that work to completely lock someone out?
I guess it all depends on how you define completely locking someone out.
A user can always find a world writeable directory such as /tmp and put
a setuid binary there.
Well, not if they can't get access to the box at all :-)
By "completely locking someone out" I meant "they can't log in or access
files with any method, assuming they can't log in to any other accounts on
the box". No guarantees if that last assumption doesn't hold true :-)
~ Ross
/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
