Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=456182 --- Comment #18 from Derek Martin <code@xxxxxxxxxxxxxx> 2008-10-28 14:35:48 EDT --- Some additional examples of badness that can occur if rssh is listed in /etc/shells: A malicious user could walk up to someone's terminal while they are away (or even not looking), quickly run chsh (setting it to rssh), and log the user out, effectively denying them login access to the machine. GDM will populate the user browser with an entry for that user, despite the fact that they will be unable to log in. Sendmail may allow users to execute arbitrary programs via .forward if their shell is rssh and it is listed in /etc/shells. getusershell() will return incorrect information about which shells are valid login shells. -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug. _______________________________________________ Fedora-package-review mailing list Fedora-package-review@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-package-review