Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 6 Jan 1996 12:47:16 -0600 (CST)
From:      Joe Greco <jgreco@brasil.moneng.mei.com>
To:        piero@strider.ibenet.it
Cc:        jgreco@brasil.moneng.mei.com, mbarkah@hemi.com, hackers@FreeBSD.ORG, questions@FreeBSD.ORG
Subject:   Re: Answer to /bin/ls and ftp (should be documented)
Message-ID:  <199601061847.MAA04091@brasil.moneng.mei.com>
In-Reply-To: <199601061330.OAA21275@strider.ibenet.it> from "Piero Serini" at Jan 6, 96 02:30:05 pm

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
> Quoting from Joe Greco (Mon Jan  1 17:06:58 1996):
> > 3.  Copy the new pwd.db and group files into ~ftp/etc, and make them both
> > mode 0440.  Change owner to "root.daemon".
> > 4.  Copy /bin/ls into ~ftp/bin.  Change owner to "root.daemon", and change
> > the mode to 2111...
> > 
> > Now nobody can access your pwd.db or group files, but ls can, because it is
> > a member of the appropriate group...
> > 
> > I know this may seem overly paranoid to people, but you never know what
> > tricks someone might use to gain access to your system, and the lower your
> > profile, the safer you may be...
> 
> I simply edit the master.passwd I use to generate spwd.db and pwd.db,
> I lock out all the accounts I leave in, compile the db and no 's' bit
> is needed. My master.passwd looks like:
> 
> root:*:0:0::0:0:System Administrator:/:/nonexistant
> daemon:*:1:1::0:0:System deamons:/:/nonexistant
> bin:*:3:7::0:0:Binaries pseudo-user:/:/nonexistant
> games:*:7:13::0:0:Games pseudo-user:/:/nonexistant
> news:*:8:8::0:0:News' login:/:/nonexistant
> guest:*:32766:31::0:0:Guest login:/:/nonexistant
> nobody:*:32767:32767::0:0:Unprivileged user:/:/nonexistant
> ftp:*:300:300::0:0:Anonymous FTP login:/usr/ftp:/usr/libexec/ftpd -l
> ftp-adm:*:301:301::0:0:FTP Admin:/usr/ftp:/nonexistant
> www:*:302:302::0:0:World Wibe Web:/:/nonexistant
> www-adm:*:303:302::0:0:World Wibe Web:/:/nonexistant
> 
> So there's no user listed, no password, nothing.

You've missed the point.  :-(

1) I can download your pwd.db and gain some minor bits of useful information
(mostly the user-ID used for ftp, ftp-adm, www, and www-adm, but potentially
other information like the fact that you appear to be using
"/usr/libexec/ftpd -l" for the shell and your ftp area is "/usr/ftp").
This might be useful to me if I discovered that you had a configuration
error of some sort at your site.  Think:  "what if you had inadvertently
exported /usr/ftp" for NFS access, even just locally, and I was able to
exploit that somehow (i.e. inject bogus NFS packets).  It has happened to
people in the past.  It may simply allow somebody to wreak havoc with your
site, but if you don't even have any idea what uid number to use, it becomes
more complicated.

2) I like to put my archive-maintainer's user names in in the passwd file.
If I have a protected passwd file, I do not need to worry about picking and
choosing who I add to the file.  I add them ALL.  It is very handy to just
not have to worry about editing files, creating special versions of pwd.db,
and all sorts of other bull.  Protect the file and it becomes much less of a
concern, and easy to maintain too.

... Joe

-------------------------------------------------------------------------------
Joe Greco - Systems Administrator			      jgreco@ns.sol.net
Solaria Public Access UNIX - Milwaukee, WI			   414/342-4847



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?199601061847.MAA04091>