[thelist] DJC -- Major Security Hole in Evolt.org? (Take II) My Apologies

Burhan Khalid burhankh at hotmail.com
Wed Dec 5 23:50:58 CST 2001


Security Hole Scare (Take II - My Apologies)

Upon a recheck (and a calming walk to the fridge) -- looking upon the same 
situation, I find that thankfully I am "nobody" -- hence have piddly rights, 
but on the script that I was using (MyShell), it has provisions to ban 
certain commands from being used (say shutdown, kill, xterm, etc.). I don't 
imagine it would be too hard for someone with a little more knowledge than I 
to figure out how to get around this limitation. I mean, geez, just the 
thought of having remote access to the shell from a web browser scares me. 
SSH I can live with. Heck, I used telnet to check my email, but it seems too 
easy that someone with just enough knowledge can write a script to do such 
things.

The MyShell script itself is but a page long. Thanks a bunch Anthony for the 
heads up. I probably would have freaked more if I hadn't realized my lapse 
in judgement.

Well, that's what lack of sleep will do to you.
I promise not to worry you guys for the next recommended 9 hours (upon which 
time I will be snoozing).

Regards, and good night,
Burhan Khalid

PS> My apologies again. Dare to Evolt!
Note to self > Get more sleep.

Are you sure you are not looking at the site as user "nobody". [ snip ]
