For mgetty users with non-trusted shell logins

Marc SCHAEFER (schaefer@alphanet.ch)
28 Jan 1999 1908:34:27 +0100


l41484@alfa.ist.utl.pt wrote:
> Never say never. :-) But I think we can say with the same assurance that
> direct dial-in access (of untrusted users) is becoming less and less
> common. For example, I myself only use it when my PPP access is
> unavailable.

That's why we didn't go publish in 1996. *I* have unprotected untrusted
shell dial-ins, and I insist on the security (e.g. by diminishing
the number of suid executables, protections, etc). I was thinking
of myself being an exception (allowing shell dialouts +
mostly safe system). Also, in 1996 I was hoping that the SAK
discussion on the Linux kernel mailing-list would bring something.

It hasn't. And this is my next target, since I believe there might
be a similar attack on console ttys *even with SAK*.

However, it looks like many people are using Linux nowadays in this
fashion, and after all, if you run after all the buffer overflow
problems which may or may not be exploited, why not go for the
more fundamental problems too?

And if no one is concerned, well, fine :)