[thelist] DJC -- Major Security Hole in Evolt.org? (Take II) My Apologies
Burhan Khalid
burhankh at hotmail.com
Wed Dec 5 23:50:58 CST 2001
Security Hole Scare (Take II - My Apologies)
Upon a recheck (and a calming walk to the fridge) -- looking upon the same
situation, I find that thankfully I am "nobody" -- hence have piddly rights,
but on the script that I was using (MyShell), it has provisions to ban
certain commands from being used (say shutdown, kill, xterm, etc.). I don't
imagine it would be too hard for someone with a little more knowledge than I
to figure out how to get around this limitation. I mean, geez, just the
thought of having remote access to the shell from a web browser scares me.
SSH I can live with. Heck, I used telnet to check my email, but it seems too
easy that someone with just enough knowledge can write a script to do such
things.
The MyShell script itself is but a page long. Thanks a bunch Anthony for the
heads up. I probably would have freaked more if I hadn't realized my lapse
in judgement.
Well, that's what lack of sleep will do to you.
I promise not to worry you guys for the next recommended 9 hours (upon which
time I will be snoozing).
Regards, and good night,
Burhan Khalid
PS> My apologies again. Dare to Evolt!
Note to self > Get more sleep.
Are you sure you are not looking at the site as user "nobody"? [ snip ]