Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 6 Jan 1996 14:30:05 +0100 (MET)
From:      Piero Serini <piero@strider.ibenet.it>
To:        jgreco@brasil.moneng.mei.com (Joe Greco)
Cc:        mbarkah@hemi.com, hackers@FreeBSD.ORG, questions@FreeBSD.ORG
Subject:   Re: Answer to /bin/ls and ftp (should be documented)
Message-ID:  <199601061330.OAA21275@strider.ibenet.it>
In-Reply-To: <199601011606.KAA10803@brasil.moneng.mei.com> from "Joe Greco" at Jan 1, 96 10:06:58 am

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
Hello.

Quoting from Joe Greco (Mon Jan  1 17:06:58 1996):
> 3.  Copy the new pwd.db and group files into ~ftp/etc, and make them both
> mode 0440.  Change owner to "root.daemon".
> 4.  Copy /bin/ls into ~ftp/bin.  Change owner to "root.daemon", and change
> the mode to 2111...
> 
> Now nobody can access your pwd.db or group files, but ls can, because it is
> a member of the appropriate group...
> 
> I know this may seem overly paranoid to people, but you never know what
> tricks someone might use to gain access to your system, and the lower your
> profile, the safer you may be...

I simply edit the master.passwd I use to generate spwd.db and pwd.db,
I lock out all the accounts I leave in, compile the db and no 's' bit
is needed. My master.passwd looks like:

root:*:0:0::0:0:System Administrator:/:/nonexistant
daemon:*:1:1::0:0:System deamons:/:/nonexistant
bin:*:3:7::0:0:Binaries pseudo-user:/:/nonexistant
games:*:7:13::0:0:Games pseudo-user:/:/nonexistant
news:*:8:8::0:0:News' login:/:/nonexistant
guest:*:32766:31::0:0:Guest login:/:/nonexistant
nobody:*:32767:32767::0:0:Unprivileged user:/:/nonexistant
ftp:*:300:300::0:0:Anonymous FTP login:/usr/ftp:/usr/libexec/ftpd -l
ftp-adm:*:301:301::0:0:FTP Admin:/usr/ftp:/nonexistant
www:*:302:302::0:0:World Wibe Web:/:/nonexistant
www-adm:*:303:302::0:0:World Wibe Web:/:/nonexistant

So there's no user listed, no password, nothing.

Bye,
--
#        $Id: .signature,v 1.12 1995/08/14 12:10:54 piero Exp $
Piero Serini                                            Via Giambologna, 1 
<Piero@Free.IT>                                     I 20136 Milano - ITALY



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?199601061330.OAA21275>