Running top without a shell -- more questions

Anthony Atkielski atkielski.anthony at wanadoo.fr
Sat Feb 5 17:49:00 PST 2005


John writes:

J> No, there are HUGE security concerns.  The big problem is that
J> many things have shell escapes.  Top, as far as I know, does not.

But it's shell escapes that generally create the security concerns, no?
Except for things like buffer overflows, but of course all FreeBSD
software was written by seasoned programmers who know much better than
to not check for buffer overflows.

J> No, no!  I am not suggesting changing the standard software!  I'm
J> not saying to change getty or login, just the usual configuration
J> file that controls where the system runs gettys (or xdm, or what
J> have you).  This is no more changing "standard software" than
J> making entries in rc.conf.

Hmm ... okay.  But I try to avoid changing stuff like that, too.  It
always seems to get lost in the shuffle if I have to update the OS.

J> Look - if this makes you more comfortable - just turn off logins
J> ENTIRELY on one ttyv.  Then use the program I wrote to just run
J> top on the ttyv on which logins are no longer allowed.  You could
J> start it with cron or /etc/rc.d something instead of /etc/ttys.
J> It doesn't matter how it gets started - the point is, NO LOGIN AT
J> ALL is allowed on that terminal - how is that a security risk?
J>
J> You don't have to log in as top or root or anything - no logins -
J> top just runs as the user YOU specify....

Okay, I'll consider it.  Thanks.

-- 
Anthony




More information about the freebsd-questions mailing list