Date: Tue, 01 Dec 1998 19:25:12 -0600
From: David Kelly <dkelly@hiwaay.net>
To: Jeff Gray <jwg@netbox.com>
Cc: Questions at FreeBSD <freebsd-questions@FreeBSD.ORG>
Subject: Re: /etc/passwd - how to protect from spammers
Message-ID: <199812020125.TAA07732@n4hhe.ampr.org>
In-Reply-To: Message from Jeff Gray <jwg@netbox.com> of "Tue, 01 Dec 1998 10:35:23 PST." <Pine.BSF.3.96.981201103118.4117A-100000@cm110119.cableco-op.com>

Jeff Gray writes:
> We run a multiuser system and as /etc/passwd is world readable it is easy
> for a spammer to get access to our user list. We limit access via a
> restricted shell but do offer pine - easy to attach /etc/passwd.
> Restricting pine so as to prohibit attachments would be a severe
> restriction.
>
> A client/user mentioned that in HP Unix there is a
> chroot wrapper of some kind which can block this access. Could not find
> anything in the FreeBSD archives.

Have you tried "chmod go-rwx /etc/passwd" ? I haven't tried it myself under FreeBSD but have had it accidentally happen on SGI Irix systems. The biggest thing it breaks is the use of ~ username expansion. Also an "ls -l" will show user id numbers, not names.

Under FreeBSD one would have to hack the passwd db utilities as /etc/passwd is just a compatibility dummy file. When a password is changed a new /etc/passwd is written (possibly losing the prior access permissions). /etc/master.passwd is where the real data is kept. Looks like you also need to protect /etc/pwd.db.

--
David Kelly N4HHE, dkelly@nospam.hiwaay.net
=====================================================================
The human mind ordinarily operates at only ten percent of its capacity
-- the rest is overhead for the operating system.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
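
An audit of the files named in the reply above, added here as an example and not part of the original message: it reports which account database files are readable by group or others, so a permission change on /etc/passwd alone can be checked against /etc/pwd.db. The function names and the optional prefix argument are assumptions; /etc/spwd.db is not mentioned in the message but is the secure database pwd_mkdb(8) builds alongside /etc/pwd.db.

```sh
#!/bin/sh
# Added example (not from the original message): report who can read the
# FreeBSD account database files. Function names and the optional prefix
# argument (audit a copy instead of the live /etc) are assumptions.

# Print "<class> <perm-string> <path>" for one file.
# class: MISSING, WORLD (others can read), GROUP (group can read), OWNER
classify() {
    f=$1
    if [ ! -e "$f" ]; then
        echo "MISSING - $f"
        return 0
    fi
    # First 10 characters of ls -ld: file type plus rwx bits for user/group/other
    perms=$(ls -ld "$f" | cut -c1-10)
    case $perms in
        ???????r??) class=WORLD ;;   # read bit set for "other"
        ????r?????) class=GROUP ;;   # read bit set for group only
        *)          class=OWNER ;;
    esac
    echo "$class $perms $f"
}

# passwd and pwd.db carry the user list; master.passwd and spwd.db also
# carry the password hashes (spwd.db is not named in the message).
audit_passwd_files() {
    prefix=${1:-}
    for name in passwd pwd.db master.passwd spwd.db; do
        classify "$prefix/etc/$name"
    done
}

# Exit status 0 if any audited file is still readable by "other".
user_list_exposed() {
    audit_passwd_files "${1:-}" | grep -q '^WORLD'
}

# Stand-alone use: audit the live system, or a copy under the given prefix.
audit_passwd_files "${1:-}"
```

Because a password change rewrites /etc/passwd, as the reply notes, the audit is worth re-running after any account change rather than once.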