Re: [cobalt-users] Bug,- Security Risk, or May Bad?



On Mon, Mar 27, 2000 at 10:46:08PM -0600, Sonny Kupka wrote:
> I have not given any rights to this domain or this user for Telnet access, 
> but it seems as though the account I gave Admin rights w/o Telnet access to 
> a Domain I didn't give telnet rights to, can add users and give them 
> telnet rights.

The security risks in this scenario come largely from giving
out multiple admin passwords.  The telnet access checks are
done by setting the user's shell to either a valid or invalid
shell.  

Furthermore, you need to keep in mind that a user's initial
preferences are set up by the administrator and that the
administrator generally has the ability to change a user's
password and shell.  

So not giving an Administrator telnet access... is not going to
stop them from creating an account with telnet access or
even changing their own account to allow telnet access.

The Cobalt UI does have one major advantage though: because
it wraps these common functions in a UI that they access
through other accounts besides root, they are limited to
what types of changes they can make.  However, the old
adage still holds true that you should not give out 
administrative accounts and/or passwords to people you
cannot trust.

-- 
Robert G. Fisher		     NEOCOM Microspecialists Inc. 
System Administrator/Programmer      (540) 666-9533 x 116
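
Added example, not part of the original message or of Cobalt's software: since telnet access comes down to the shell field of each account, an owner can audit which accounts hold a valid login shell and compare them with the accounts meant to have one. The sample passwd entries, the shell list, the approved list and the function names are constructed for illustration, and treating "valid" as "listed in an /etc/shells-style file" is an assumption.

```shell
#!/bin/sh
# Constructed sample data (not from a real host): passwd(5) entries.
# "admin" and "newuser" model the two cases in the message: an administrator
# who changed their own shell, and an account created with a valid shell.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
admin:x:500:500:Site Admin:/home/admin:/bin/bash
alice:x:501:501:Alice:/home/alice:/bin/false
newuser:x:502:502:New User:/home/newuser:/bin/sh
legacy:x:503:503:Legacy:/home/legacy:'

# Constructed /etc/shells-style list of shells considered valid (assumption).
SAMPLE_SHELLS='# valid login shells
/bin/sh
/bin/bash'

# Accounts the owner intends to have shell access (assumption).
APPROVED='root'

# login_capable PASSWD_TEXT SHELLS_TEXT
# Prints one account name per line for every entry whose shell is valid.
# An empty shell field counts as /bin/sh, as passwd(5) specifies.
login_capable() {
    printf '%s\n---\n%s\n' "$2" "$1" | awk -F: '
        $0 == "---" { in_passwd = 1; next }
        !in_passwd  { if ($0 != "" && $0 !~ /^#/) valid[$0] = 1; next }
        NF >= 7     { shell = ($7 == "" ? "/bin/sh" : $7)
                      if (shell in valid) print $1 }'
}

# unexpected_logins PASSWD_TEXT SHELLS_TEXT APPROVED_NAMES
# Prints accounts that can log in but are not on the approved list.
unexpected_logins() {
    for user in $(login_capable "$1" "$2"); do
        case " $3 " in
            *" $user "*) ;;              # approved, nothing to report
            *) echo "$user" ;;
        esac
    done
}

echo "Accounts with a valid shell that are not on the approved list:"
unexpected_logins "$SAMPLE_PASSWD" "$SAMPLE_SHELLS" "$APPROVED"
```

On a live system the two text arguments would be the contents of the real account and shell files; running the check on a schedule shows when a delegated administrator has changed a shell.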