Path: utzoo!utgpu!water!watmath!clyde!att!mtunx!icus!lenny From: lenny@icus.UUCP (Lenny Tropiano) Newsgroups: comp.sys.att Subject: Re: Security Issues on the 3B1 *LONG* (was Re: Help needed with 7300) Summary: I stand corrected... Message-ID: <400@icus.UUCP> Date: 22 Jun 88 00:38:53 GMT References: <5997@uwmcsd1.UUCP> <9300074@bradley> <742@rush.cts.com> <397@icus.UUCP> Organization: ICUS Software Systems, Islip, New York Lines: 25 In article <397@icus.UUCP>, lenny@icus.UUCP (Lenny Tropiano) writes: [some of my babbling left out] ... |> |> 2. EXPERT syntax for the user agent has wholes. Login's like "tutor" |> can very easily get a "shell" by creating a file in the Filecabinet |> and then doing a shell-escape from "vi" with ":shell". |> |> [Best solution: remove tutor login and don't rely on EXPERT] |> |> [Fair Solution: put a password on tutor] |> I stand corrected by Bob Ames (bob@rush.cts.com)... He says, "It's even easier than that... just type /bin/shinto *ANY* office style window." -- US MAIL : Lenny Tropiano, ICUS Software Systems IIIII CCC U U SSS PO Box 1 I C U U S Islip Terrace, New York 11752 I C U U SS PHONE : (516) 968-8576 [H] (516) 582-5525 [W] I C U U S TELEX : 154232428 [ICUS] IIIII CCC UUU SSS AT&T MAIL: ...attmail!icus!lenny UUCP : ...{talcott, boulder, pacbell, sbcs, mtune, bc-cis}!icus!lenny