From owner-freebsd-questions Sat Jan 6 10:51:14 1996
Return-Path: owner-questions
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id KAA09543 for questions-outgoing; Sat, 6 Jan 1996 10:51:14 -0800 (PST)
Received: from who.cdrom.com (who.cdrom.com [192.216.222.3]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id KAA09522 Sat, 6 Jan 1996 10:51:09 -0800 (PST)
Received: from brasil.moneng.mei.com (brasil.moneng.mei.com [151.186.109.160]) by who.cdrom.com (8.6.12/8.6.11) with ESMTP id KAA12824 ; Sat, 6 Jan 1996 10:50:59 -0800
Received: (from jgreco@localhost) by brasil.moneng.mei.com (8.7.Beta.1/8.7.Beta.1) id MAA04091; Sat, 6 Jan 1996 12:47:17 -0600
From: Joe Greco
Message-Id: <199601061847.MAA04091@brasil.moneng.mei.com>
Subject: Re: Answer to /bin/ls and ftp (should be documented)
To: piero@strider.ibenet.it
Date: Sat, 6 Jan 1996 12:47:16 -0600 (CST)
Cc: jgreco@brasil.moneng.mei.com, mbarkah@hemi.com, hackers@FreeBSD.ORG, questions@FreeBSD.ORG
In-Reply-To: <199601061330.OAA21275@strider.ibenet.it> from "Piero Serini" at Jan 6, 96 02:30:05 pm
X-Mailer: ELM [version 2.4 PL24]
Content-Type: text
Sender: owner-questions@FreeBSD.ORG
Precedence: bulk

> Quoting from Joe Greco (Mon Jan 1 17:06:58 1996):
> > 3. Copy the new pwd.db and group files into ~ftp/etc, and make them both
> > mode 0440. Change owner to "root.daemon".
> > 4. Copy /bin/ls into ~ftp/bin. Change owner to "root.daemon", and change
> > the mode to 2111...
> >
> > Now nobody can access your pwd.db or group files, but ls can, because it is
> > a member of the appropriate group...
> >
> > I know this may seem overly paranoid to people, but you never know what
> > tricks someone might use to gain access to your system, and the lower your
> > profile, the safer you may be...
>
> I simply edit the master.passwd I use to generate spwd.db and pwd.db,
> I lock out all the accounts I leave in, compile the db and no 's' bit
> is needed.
> My master.passwd looks like:
>
> root:*:0:0::0:0:System Administrator:/:/nonexistant
> daemon:*:1:1::0:0:System deamons:/:/nonexistant
> bin:*:3:7::0:0:Binaries pseudo-user:/:/nonexistant
> games:*:7:13::0:0:Games pseudo-user:/:/nonexistant
> news:*:8:8::0:0:News' login:/:/nonexistant
> guest:*:32766:31::0:0:Guest login:/:/nonexistant
> nobody:*:32767:32767::0:0:Unprivileged user:/:/nonexistant
> ftp:*:300:300::0:0:Anonymous FTP login:/usr/ftp:/usr/libexec/ftpd -l
> ftp-adm:*:301:301::0:0:FTP Admin:/usr/ftp:/nonexistant
> www:*:302:302::0:0:World Wibe Web:/:/nonexistant
> www-adm:*:303:302::0:0:World Wibe Web:/:/nonexistant
>
> So there's no user listed, no password, nothing.

You've missed the point.  :-(

1) I can download your pwd.db and gain some minor bits of useful
information (mostly the user-ID used for ftp, ftp-adm, www, and www-adm,
but potentially other information like the fact that you appear to be
using "/usr/libexec/ftpd -l" for the shell and your ftp area is
"/usr/ftp").  This might be useful to me if I discovered that you had a
configuration error of some sort at your site.  Think: "what if you had
inadvertently exported /usr/ftp for NFS access, even just locally, and I
was able to exploit that somehow (i.e. inject bogus NFS packets)?"  It
has happened to people in the past.  It may simply allow somebody to
wreak havoc with your site, but if you don't even have any idea what uid
number to use, it becomes more complicated.

2) I like to put my archive-maintainers' user names in the passwd file.
If I have a protected passwd file, I do not need to worry about picking
and choosing who I add to the file.  I add them ALL.  It is very handy
to just not have to worry about editing files, creating special versions
of pwd.db, and all sorts of other bull.  Protect the file and it becomes
much less of a concern, and easy to maintain too.

...
Joe
-------------------------------------------------------------------------------
Joe Greco - Systems Administrator                          jgreco@ns.sol.net
Solaria Public Access UNIX - Milwaukee, WI                     414/342-4847
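The following script is an added example; it is not part of the thread above and not FreeBSD code. It reproduces steps 3 and 4 that Joe quotes (pwd.db and group installed as root:daemon mode 0440, ls installed as root:daemon mode 2111) and, separately, audits an existing anonymous-FTP area for the property those steps depend on: nothing under etc/ is world-readable, bin/ls is setgid and not world-readable, and ls carries the same group as the database files, since otherwise the setgid bit grants ls nothing. Assumed here: the FTP root is passed as the first argument, the shared group is "daemon" as in the quoted steps, install(1) accepts -o/-g/-m, and ls -l output is parsed instead of stat(1) so the audit works on both BSD and GNU userland. Installing requires root; auditing does not.

```shell
#!/bin/sh
# Added example, not from the original thread or from FreeBSD.
# Assumptions: $1 is the anonymous-FTP root (~ftp); the group shared by
# the database files and ls is "daemon"; install(1) supports -o/-g/-m.

# Apply the quoted steps 3 and 4. Requires root; only run when INSTALL=1.
ftp_protect_install() {
    ftproot=$1
    install -d -m 0555 "$ftproot/etc" "$ftproot/bin"
    # pwd.db and group: readable by root and by group daemon only
    install -o root -g daemon -m 0440 /etc/pwd.db "$ftproot/etc/pwd.db"
    install -o root -g daemon -m 0440 /etc/group  "$ftproot/etc/group"
    # ls: execute-only for everyone, setgid so it runs with group daemon
    install -o root -g daemon -m 2111 /bin/ls "$ftproot/bin/ls"
}

# Audit an FTP area. Returns 0 when no regular file under etc/ is
# world-readable, bin/ls is setgid and not world-readable, and every
# etc/ file shares ls's group. Prints one line per finding.
ftp_protect_audit() {
    ftproot=$1
    rc=0
    lsbin="$ftproot/bin/ls"
    if [ ! -f "$lsbin" ]; then
        echo "missing: $lsbin"
        return 1
    fi
    # ls -l mode string: chars 2-4 user, 5-7 group, 8-10 other;
    # char 7 shows 's'/'S' when setgid, char 8 is the other-read bit
    lsperm=$(ls -ld "$lsbin" | cut -c1-10)
    lsgrp=$(ls -ld "$lsbin" | awk '{print $4}')
    case "$lsperm" in
        ??????[sS]-*) ;;
        *) echo "ls is not setgid or is world-readable: $lsperm"; rc=1 ;;
    esac
    for f in "$ftproot"/etc/*; do
        [ -f "$f" ] || continue
        perm=$(ls -ld "$f" | cut -c1-10)
        grp=$(ls -ld "$f" | awk '{print $4}')
        case "$perm" in
            ???????r*) echo "world-readable: $f ($perm)"; rc=1 ;;
        esac
        if [ "$grp" != "$lsgrp" ]; then
            echo "group mismatch: $f is $grp, ls is $lsgrp"
            rc=1
        fi
    done
    return $rc
}

# Usage: sh ftpchk.sh ~ftp   (INSTALL=1 sh ftpchk.sh ~ftp as root to apply)
if [ -n "${1:-}" ]; then
    if [ "${INSTALL:-0}" = 1 ]; then
        ftp_protect_install "$1"
    fi
    ftp_protect_audit "$1"
fi
```

The audit deliberately checks only mode bits and the shared group, not that the owner is root, so it can be run by any local user against a live ~ftp. A world-readable etc/pwd.db is exactly the case Joe describes: anyone who can fetch it learns the uid numbers, shells and home directories it lists, whether or not the accounts in it are locked.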