Home page logo
/

bugtraq logo Bugtraq mailing list archives

FW: More Rconsole stuff
From: tboellst () willinet net (Tyson Boellstorff)
Date: Mon, 12 Oct 1998 16:00:55 -0500


       That's not correct.  By default, users don't have access to SYS:ETC.  If you
grant them access here, then you're asking for trouble because the only modules
that need access to this directory are the NLMs (NetWare Loadable Modules) that
run on the server.

Further, if you are loading crontab.nlm, or using any of the goodies in the toolbox nlm,
you can basically kiss control of your server goodbye...

The patch would be to call remote from another NCF file which is stored
in the SYS:SYSTEM directory. This will at least limit access to only
Admins. This will also prevent Inetcfg from trying to grab it. Of course
the real fix would be to not use Rconsole. ;)

       This is a good solution if users do have access to SYS:ETC, but if your users
do have access to SYS:ETC then it is time to find out why.

Tyson Boellstorff CNE



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]