Return to BSD News archive
Path: sserve!newshost.anu.edu.au!harbinger.cc.monash.edu.au!simtel!news.sprintlink.net!howland.reston.ans.net!xlink.net!zib-berlin.de!news.tu-chemnitz.de!irz401!uriah.heep!not-for-mail From: j@uriah.heep.sax.de (J Wunsch) Newsgroups: comp.unix.bsd.freebsd.misc Subject: Re: disabling ^Z Date: 16 Jul 1995 21:09:15 +0200 Organization: Private FreeBSD site, Dresden. Lines: 25 Message-ID: <3ubo4r$1cg@uriah.heep.sax.de> References: <Pine.ULT.3.91.950703160948.5827A-100000@silver.ucs.indiana.edu> <3tgjlv$239@sanson.dit.upm.es> <justinznbkywcgbkob@virtue.vide.coventry.ac.uk> NNTP-Posting-Host: uriah.heep.sax.de Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Justin Murdock <justin@vide.coventry.ac.uk> wrote: [Disabling terminal suspend] >I guess you could add "exec sh".... To which avail? FreeBSD's /bin/sh is also a job control shell. :-] Nope. The real problem is hidden deeper. Creating a ``secure guest account'' ain't a matter of enabling or disabling terminal suspend. There are two common strategies: o create a `secure' script login; preferrably done in Perl o create a shell login in a chroot(2)ed environment Both will require basic knowledge of Unix' security aspects, a sysadmin who's not aware of common security problems is likely to establish huge security holes. -- cheers, J"org joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ Never trust an operating system you don't have sources for. ;-)