Date:      Mon, 1 Jan 1996 21:04:19 -0600 (CST)
From:      Joe Greco <jgreco@brasil.moneng.mei.com>
To:        j@uriah.heep.sax.de (J Wunsch)
Cc:        hackers@FreeBSD.org, questions@FreeBSD.org
Subject:   Re: Answer to /bin/ls and ftp (should be documented)
Message-ID:  <199601020304.VAA11207@brasil.moneng.mei.com>
In-Reply-To: <199601011754.SAA05624@uriah.heep.sax.de> from "J Wunsch" at Jan 1, 96 06:54:02 pm

> As Joe Greco wrote:
> > 
> > The more paranoid among us will be even more cautious:  you don't want
> > people gaining a comprehensive listing of users on your system as easily as
> > downloading the pwd.db file.  I do something similar but with a twist:
> 
> You could as well install a list of dummy users.

Then you might as well not do it at all (or make 'em all "ftp").  Usually
people want to display the usernames in order to provide an easy to see
correlation between a file and which archive maintainer installed it...

My technique at least minimizes the chances of somebody finding out
complete lists of semi-useful information about users (i.e. what users there
are), and also protects more subtle very-useful information about things
like assigned UID's (think: "someone pulling tricks with NFS").

First rule of security, the less they know, the safer you are.

... Joe

-------------------------------------------------------------------------------
Joe Greco - Systems Administrator			      jgreco@ns.sol.net
Solaria Public Access UNIX - Milwaukee, WI			   414/342-4847


