On 09:43, mercoledė 28 aprile 2004, Michael Messner wrote:
> > ssh passwords... yes you can BUT ssh is for SECURE shell,
> > typing a pw is one of those SECURE things.
>
> yes, I know, but in normal case the user has not enough rights to make
> some bad things and we need an auto-login for this user
He misses the right for execute a his own statically compiled program ??
uhmm... I think you can't easly accomplish this... I can always try to
download a staticaly linked binary and then execute it ... do_brk() exploit
may give you an example of how it's simple for an attacker gain root
privileges from local, if you can't establish the user identity you'll give
such an opportunity to everyone.
--
<?php echo ' Emiliano `AlberT` Gabrielli '."\n".
' E-Mail: AlberT_AT_SuperAlberT_it '."\n".
' Web: http://SuperAlberT.it '."\n".
' IRC: #php,#AES azzurra.com '."\n".'ICQ: 158591185'; ?>
-------------------------------------------------------
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g.
Take an Oracle 10g class now, and we'll give you the exam FREE.
http://ads.osdn.com/?ad_id149&alloc_id66&op=click
_____________________________________________________________________
Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto:
https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help, try #ltsp channel on irc.freenode.net
