Security broken

02-15-2007

Registered User

23, 0

Join Date: Sep 2006

Last Activity: 1 February 2012, 11:04 AM EST

Posts: 23

Thanks Given: 0

Thanked 0 Times in 0 Posts

Security broken

Hi,

I had a Unixware 7.1.3 server, the clients are connect to server by telnet for to run an aplication. After the login and password, to appears the applications window main, when the client finish his work in that program the connection is out.

One client had been obtain to apears in the unix prompt, after the login window. How??? What I can to see? All log files are good.

Any idea?

By_Jam

View Public Profile for By_Jam

Find all posts by By_Jam

02-24-2007

Administrator Emeritus

9,926, 461

Join Date: Aug 2001

Last Activity: 26 February 2016, 12:31 PM EST

Location: Ashburn, Virginia

Posts: 9,926

Thanks Given: 63

Thanked 461 Times in 270 Posts

Not much info here. But I will make a wild guess. When your clients connect, they probably use an account with a regular shell, like /usr/bin/sh. Then you depend on a .profile or other start-up file to send them to your application. If they hit interrupt fast enough, they can break out of the .profile. If this is your setup, you should change it. Make your application their shell. Then they go straight to it and there is no regular shell for them to break into.

Perderabo

View Public Profile for Perderabo

Find all posts by Perderabo

Cybersecurity

Security broken