Protecting against downloads
Mike Zeleznik
zeleznik at cs.utah.edu
Fri Sep 14 01:41:37 AEST 1990
In article <epeterso.653228040 at houligan> epeterson at encore.com writes:
>ralphs at halcyon.wa.com (Ralph Sims) writes:
>| heiser at sud509.ed.ray.com (Bill Heiser - Unix Sys Admin) writes:
>| > A *ix sysop I communite with recently told me that he'd caught one of
>| > his "shell-access" users downloading *ix binaries.
>|
> [ lots deleted ...]
>
>What you might do is write a shell script (or hack the xmodem, kermit,
>or sz code) to check the user and group ID for each file that is being
>attempted to be transferred. If the UID and GID are "root" or "sys"
>or "bin" or some other system ID, then deny access to the file.
>Otherwise, let it go through as normal.
Can't this be circumvented by the user first copying the files to their own
directory, making them owned by the user. Now they are valid for export.
And if you try and change all the possible ways to copy a file, such that
the above checks are made, the user can still load their own copy program
to do it for them, since it doesn't have to run in any priv mode.
Mike
Michael Zeleznik Computer Science Dept.
University of Utah
zeleznik at cs.utah.edu Salt Lake City, UT 84112
(801) 581-5617
More information about the Comp.unix.sysv386
mailing list