Date:      Sun, 23 Jun 2002 16:23:57 -0500
From:      "Kevin Kinsey, DaleCo, S.P." <kdk@daleco.biz>
To:        "Lawrence Sica" <lomifeh@earthlink.net>, "Trevor Johnson" <trevor@jpj.net>
Cc:        <security@FreeBSD.ORG>
Subject:   Re: Possible security liability: Filling disks with junk or spam
Message-ID:  <008901c21afc$4a836100$44ec910c@daleco>
References:  <20020621210455.F13586-100000@blues.jpj.net> <3D1557A3.4030504@earthlink.net>

----- Original Message -----
From: "Lawrence Sica" <lomifeh@earthlink.net>
To: "Trevor Johnson" <trevor@jpj.net>
Cc: <security@FreeBSD.ORG>
Sent: Sunday, June 23, 2002 12:07 AM
Subject: Re: Possible security liability: Filling disks with junk or spam


> Trevor Johnson wrote:
> >>A client recently called me in puzzlement, saying that his system was
> >>misbehaving, and it turned out that this was what had happened. The address
> >>"news@victim.com" had somehow wound up on quite a few spammers' lists. He'd
> >>never used or hosted netnews, and so had no need for the pseudo-user. But that
> >>pseudo-user was there by default, and the system dutifully created a mailbox
> >>for him/her/it when the very first spam arrived. It started growing by leaps
> >>and bounds until it was -- I kid you not! -- several hundred megabytes in
> >>size. At which point the partition ran out of room.
> >>
> >>It seems to me that pseudo-users should be non-mailable, just as a basic
> >>security policy. Ideas for the best way to implement this in the default
> >>install?
> >
> >   <snip RFC interp and suggested inetd.conf comments>
>
> Consider that the daily output includes a df output so you just need to
> read your root email ;)
>
> --Larry
>
And that's a great point worthy of a reposting.  While it's unfortunate that
someone got their disk filled with junk, it's also seemingly indicative of a
general lack of supervision on that box.  The first line of defense is the
scrutiny of the operator, not necessarily the revision of the OS.

One of the reasons I choose FBSD over other servers, especially M$, is
that it's not too hard to do some reading and learn the OS; learn a couple
of easy command line statements and see what's installed, what services are
running, and etc.  Patience is a virtue, time with a browser a must, but no
rocket science degree is needed.

Perhaps this should be added to /stand/sysinstall:
        "You have just installed an operating system.  Before you reboot your
computer, PLEASE take some time and learn just what the thing will be
doing while it sits in your home and/or place of business...."

KDK





