Seth Arnold wrote: > > This is not an issue if > > > > a) bin has no passowrd so people cannot log in as bin > > and > > b) nothing on the system is suid bin > > Joey, if bin owns ls, then someone that cracks the bin account (via some > non-interactive means) could replace ls with a version of ls that opens > a port connected to a shell.
It's impossible to crack an account that nothing ever runs as, unless you crack root first. -- see shy jo
