How secure is UNIX?

Dan KoGai dankg at tornado.Berkeley.EDU
Mon May 28 20:22:35 AEST 1990


In article <9000030 at m.cs.uiuc.edu> carroll at m.cs.uiuc.edu writes:

>---Begin copy---
>	Don't you hate it when you leave your password in a .netrc in 
>	a directory of stuff you ftp'ed over from the web.  I sure do.
>	Then anyone can just get your password and delete all of your
>	files in both accounts.  Bummer.
>/* End of text from m.cs.uiuc.edu:comp.unix.questions */
>Perhaps I'm missing something, but it doesn't sound like a security
>violation. I assume that you have a .netrc file with your password
>in it. Does FTP check for .netrc specially? If not, then this seems to
>claim that you ftp'd the .netrc and it was that copy that was used,
>not your 600 .netrc.

	It might be system dependent but ALL ftps I know refuse to use
.netrc with the wrong mode.  And my Apollo account was not an exception.  As
soon as that message appeared I retested ftp and it refused to use .netrc when
a group|other bit was set.  You can check it out just by chmod-ing your .netrc
and seeing how ftp would work.
	So in this respect, ftp is very well made--it even tells you about your
unlocked door.  But that Bozo knew another door and .netrc was used just for
another account, and it's a fair assumption my OCF account (this one), at the
very least, is still in danger--things suggest that he at least had the
capability of annihilating my OCF account and .netrc made the situation worse.
And he started with screwing around with my ocf account, found my .netrc and
read it, rlogin/ftp'd to my other account, deleted it and deleted the rest of
ocf.  So the absence of my password in .netrc could have prevented my other
account from being annihilated, but this OCF account is still in danger.  And
this applies to other UNIX and other accounts, too.

----------------
____  __  __    + Dan The "raped" Man
    ||__||__|   + E-mail:	dankg at ocf.berkeley.edu
____| ______ 	+ Voice:	+1 415-549-6111
|     |__|__|	+ USnail:	1730 Laloma Berkeley, CA 94709 U.S.A
|___  |__|__|	+	
    |____|____	+ "What's the biggest U.S. export to Japan?" 	
  \_|    |      + "Bullshit.  It makes the best fertilizer for their rice"
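
Added example, not part of the original post and not code from any ftp client: a Python sketch of the mode check the post describes, where a .netrc is refused if any group or other permission bit is set. The function names, the sample host and credentials, and the rule that the refusal applies only when the file holds a `password` token are assumptions made for illustration.

```python
import os
import stat
import tempfile


def netrc_problems(path):
    """Return the reasons a .netrc should not be trusted with a password."""
    problems = []
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file"]
    if st.st_uid != os.geteuid():
        problems.append("not owned by the current user")
    # The check from the post: any group or other bit makes the file unusable.
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("group/other bits set (mode %03o)" % stat.S_IMODE(st.st_mode))
    return problems


def has_password(path):
    """True if the file contains a 'password' token (assumed trigger for the check)."""
    with open(path, errors="replace") as fh:
        return "password" in fh.read().split()


def should_use(path):
    """Client-side decision: use the file only if it is private or holds no password."""
    return not (has_password(path) and netrc_problems(path))


def demo():
    """Try several modes on a constructed .netrc and record the decision for each."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, ".netrc")
        with open(p, "w") as fh:
            # Constructed sample entry; host, login and password are made up.
            fh.write("machine host.example login alice password not-a-real-secret\n")
        for mode in (0o600, 0o640, 0o604, 0o400):
            os.chmod(p, mode)
            results[mode] = should_use(p)
    return results


if __name__ == "__main__":
    for mode, ok in demo().items():
        print("%03o -> %s" % (mode, "use" if ok else "refuse"))
```

As the post points out, this check only guards against other local users reading the file; it does nothing once the owning account itself is compromised.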


