Re: [cobalt-users] Bug,- Security Risk, or May Bad?

[Sonny Kupka <sonny@xxxxxxxxxxxx>]

That's not the problem I'm having at all..

I made a virtual domain. Only thing it gets is Front Page Extensions.
I made a user for the domain and made him ADMIN. No Telnet Access / No 
Shell Access

Now the domain has NO TELNET and the ADMIN has NO TELNET rights BUT the 
ADMIN can create accounts that are ALLOWED to TELNET to a DOMAIN that has 
NO TELNET rights.

---
Sonny



At 01:56 PM 3/28/00 -0800, you wrote:
> Sonny Kupka wrote:
>
> > Neither the Site or the Admin user has Telnet/Shell rights.
> >
> > To me this is a bug and a very big security issue.
>
> I just tested this.  I booted my virgin RaQ3i.
>
> I created a dummy site.  <www.foobar.com> at IP# 192.168.0.99.  I
> specifically left unchecked the shell access option.
>
> I created a user, Joe User (username: joe).
>
> I tried telnetting in as Joe.  I got a "you're not allowed" message.
>
> If you're not having the same experience, you need someone either from
> Cobalt or some third-party support company <ahem> to look at your RaQ3.
>
> Jeff
> --
> Jeff Lasman <jblists@xxxxxxxxxxxxx>
> nobaloney.net
> P. O. Box 52672
> Riverside, CA  92517
> voice: (909) 787-8589  *  fax: (909) 782-0205
>
> _______________________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> To Subscribe or Unsubscribe, please go to:
> http://list.cobalt.com/mailman/listinfo/cobalt-users