[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-users] SSH/Shell Access Concern
- Subject: [cobalt-users] SSH/Shell Access Concern
- From: "W.E.B.S Ltd - awebcompany.net \(J Williams\)" <justin.williams@xxxxxxxxxxxxxxx>
- Date: Tue Feb 20 23:55:35 2001
- Organization: Web Enterprise Business Solutions Limited
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
I'm a newbie to servers and learning the hard way it seems. I have a book which is helping but has brought about this query.
With a virtual site administrator enabled with shell access, it seems that using SSH the user can log onto his domain, and gain root
access by simply typing cd ../../
I've tried it with various user passwords and anyone with shell enabled can get everywhere within the system. I can get into any
other virtual site, the home directory and root level!
Maybe I'm wrong but this seems very dangerous! Should site administrators with shell access be able to do this?
The following patches are installed on my RAQ4i and I cant see a patch that stops this.. Please give me some advise.
Many Thanks
Justin
Relational Database Server and Client tools by InterBase. Release V6.0
Cobalt OS Release 6.0
RaQ4-All-Security Release 0.0.1-8008
RaQ4-All-Security Release 0.0.1-8061
RaQ4-All-System Release 0.0.1-7565
RaQ4-All-System Release 0.0.2-7709
Webalizer RaQ3/4 Release 2.00.12-2
begin 666 Justin Williams.vcf
M0D5'24XZ5D-!4D0-"E9%4E-)3TXZ,BXQ#0I..E=I;&QI86US.TIU<W1I;CL[
M37(-"D9..DIU<W1I;B!7:6QL:6%M<PT*3U)'.E<N12Y"+E,@3'1D.TAE860@
M3V9F:6-E#0I4251,13I$:7)E8W1O<@T*3D]413M%3D-/1$E.1SU154]4140M
M4%))3E1!0DQ%.E=E8B!%;G1E<G!R:7-E($)U<VEN97-S(%-O;'5T:6]N<R!,
M:6UI=&5D(&%R92!.97<@365D:6$@1&5V96QO<&5R<R!B87-E9"!I;B ]#0I3
M=7)R97DN(%=E(&%R92!#97)T:69I960@0V]R<&]R871E($UE;6)E<G,@;V8@
M=&AE($)R:71I<V@@5V5B($1E<VEG;B F($UA<FME/0T*=&EN9R!!<W-O8VEA
M=&EO;B!A;F0@87)E(&%S<V]C:6%T960@=VET:"!T:&4@9F]L;&]W:6YG(&-O
M;7!A;FEE<SL],$0],$$],$0]#0H],$%';VQD(%!A<G1N97)S('=I=&@@06-T
M:6YI8R!E0V]M;65R8V4@4V]F='=A<F4@4$Q#/3!$/3!!2&]S=&EN9R!087)T
M;F5R(&9O/0T*<B!4:&%W=&4@26YT97)N970@4V5C=7)I='D],$0],$%/9F9I
M8VEA;"!.;VUI;F5T($1O;6%I;B!.86UE(%)E9VES=')A<CTP1#T-"CTP05=O
M<FQD<&%Y($%F9FEL:6%T92!087)T;F5R("AO;BUB86YK:6YG*3TP1#TP03TP
M1#TP05!L96%S92!V:7-I=#H@:'1T<#HO+W<]#0IW=RYA=V5B8V]M<&%N>2YN
M970@9F]R(&UO<F4@:6YF;W)M871I;VX],$0],$$],$0],$%4:&%N:WEO=3TP
M1#TP00T*5$5,.U=/4DL[5D])0T4Z,#@T-2 S-#4@,C,S-@T*5$5,.T-%3$P[
M5D])0T4Z,#<W,S,M,# T-38X#0I414P[5T]22SM&05@Z,#@T-2 S-#4@,C,S
M-PT*0412.U=/4DLZ.TQE871H97)H96%D.U @3R!";W@@-C L.TQE871H97)H
M96%D.U-U<G)E>3M+5#(R(#=!3CM52PT*3$%"14P[5T]22SM%3D-/1$E.1SU1
M54]4140M4%))3E1!0DQ%.DQE871H97)H96%D/3!$/3!!4"!/($)O>" V,"P]
M,$0],$%,96%T:&5R:&5A9"P@4W5R<F5Y($M4,C(@-T%./3!$/3!!54L-"E52
M3#IH='1P.B\O=W=W+F%W96)C;VUP86YY+FYE= T*55),.FAT=' Z+R]W=W<N
M87=E8F-O;7!A;GDN;F5T#0I%34%)3#M04D5&.TE.5$523D54.FIU<W1I;D!A
M=V5B8V]M<&%N>2YN970-"D5-04E,.TE.5$523D54.G-A;&5S0&%W96)C;VUP
M86YY+FYE= T*14U!24P[24Y415).150Z9&5S:6=N0&%W96)C;VUP86YY+FYE
D= T*4D56.C(P,#$P,C$R5#(P,S Q,%H-"D5.1#I60T%21 T*
`
end