read protection (was: Re: FTP)

Steve Summit scs at adam.pika.mit.edu
Sat Apr 29 15:20:17 AEST 1989 

In article <5947 at ux.cs.man.ac.uk> dente%man.ee.els at ukacrl.BITNET (Colin Dente) writes:
>In article <43200079 at uicsrd.csrd.uiuc.edu> kai at uicsrd.csrd.uiuc.edu writes:
>>The .netrc file is a potentially *horrible* breach of security.  One of the
>>first rules taught about passwords is "never write them down".
>Okay - I'm fairly new to this Unix sys-admin game, so enlighten me.  Just *how*
>insecure is a file with mode 0X00?

The problem is not so much how insecure they are, but how
insecure they might be.  In principle, of course, there are no
security holes, and files are just as secure as their permissions
indicate.  One problem with files whose security can be breached
just by reading them is that bugs which permit unauthorized
reading are much less deadly and therefore less likely to be
noticed.

If there's a bug that allows unauthorized writing, the first
thing somebody does is scribbles on /etc/passwd or
/usr/lib/crontab, and they break in right away and hopefully you
notice right away, and since this is all fairly high-profile and
dangerous, people are generally very careful not to accidentally
allow unauthorized write access.  A bug which allows unauthorized
read access, on the other hand, doesn't necessary introduce
cascading security breaches at all, and can go undetected
(by good guys or bad guys) for some time.

This is, I'll admit, a circular argument; and quite paranoid,
as it considers bugs which haven't been detected (or even
perpetrated!) yet, but when you care about security it pays
to be paranoid.

If you really can't afford to have anybody see something
(password, privileged information, etc.), don't put it in an
unencrypted file, regardless of the file permissions.  There are
too many ways, including "out of band" ones, for files to be
read.  (Hint: what do your operators do with worn-out backup
tapes?  I've seen then dumped in wastebaskets which were placed
outside the machine room door for the janitors to pick up...)

                                            Steve Summit
                                            scs at adam.pika.mit.edu

More information about the Comp.unix.wizards mailing list