qmail invokes commands with /bin/sh regardless of the user's login shell, so even if a
user has /bin/false for a shell, that user's .qmail file can be used to gain shell
access.
i consider this to be a qmail bug.
stig
--
Stig ... Friend of Hacking ... 707-987-3236 work@home
Hackv�n ... http://hackvan.com ... 415-264-8754 mobile
We are {b}Org ... http://brainofstig.AI ... [EMAIL PROTECTED]
- Re: big fat qmail-command hole Stig Hackv�n
- Re: big fat qmail-command hole Faried Nawaz
- Re: big fat qmail-command hole Russell Nelson
- Re: big fat qmail-command hole Faried Nawaz
- Re: big fat qmail-command hole petervd
- Re: big fat qmail-command hole Stig Hackv�n
- Re: big fat qmail-command hole Phil Genera
- Re: big fat qmail-command hole Magnus Bodin
- Re: big fat qmail-command hole Russ Allbery
- Re: big fat qmail-command hole Russ Allbery
