On Wed, Jan 26, 2000 at 09:23:39PM -0800, Faried Nawaz wrote:
> Stig Hackv�n wrote:
>
> qmail invokes commands with /bin/sh regardless of the user's login shell, so even
>if a user has /bin/false for a shell, that user's .qmail file can be used to gain
>shell access.
>
> And how does someone with /bin/false as their shell put commands in their
> .qmail files?
ftp is one way.
> i consider this to be a qmail bug.
>
> I consider it a site-specific administrative problem.
is it reasonable to use the shell field of the password database to permit or deny
shell access to a username. qmail should respect this.
stig
--
Stig ... Friend of Hacking ... 707-987-3236 work@home
Hackv�n ... http://hackvan.com ... 415-264-8754 mobile
We are {b}Org ... http://brainofstig.AI ... [EMAIL PROTECTED]
