findholes - From Manifestation Subject Security holes...

Info iconThis preview shows pages 1–3. Sign up to view the full content.

View Full Document Right Arrow Icon
From: Manifestation
Subject: Security holes manifest themselves in (broadly) four ways...
Date: 11.10.93

( Please contribute by sending E-Mail to <[email protected]> ... )

[quoting from the comp.security.unix FAQ]

Security holes manifest themselves in (broadly) four ways:

1) Physical Security Holes.

- Where the potential problem is caused by giving unauthorised persons physical access to the machine, where this might allow them to perform things that they shouldn't be able to do.

A good example of this would be a public workstation room where it would be trivial for a user to reboot a machine into single-user mode and muck around with the workstation filestore, if precautions are not taken.

Another example of this is the need to restrict access to confidential backup tapes, which may (otherwise) be read by any user with access to the tapes and a tape drive, whether they are meant to have permission or not.

2) Software Security Holes

- Where the problem is caused by badly written items of "privileged" software (daemons, cronjobs) which can be compromised into doing things which they shouldn't oughta.

The most famous example of this is the "sendmail debug" hole (see bibliography) which would enable a cracker to bootstrap a "root" shell. This could be used to delete your filestore, create a new account, copy your password file, anything. (Contrary to popular opinion, crack attacks via sendmail were not just restricted to the infamous "Internet Worm" - any cracker could do this by using "telnet" to port 25 on the target machine. The story behind a similar hole (this time in the EMACS "move-mail" software) is described in [Stoll].)

New holes like this appear all the time, and your best hopes are to:

a: try to structure your system so that as little software as possible runs with root/daemon/bin privileges, and that which does is known to be robust.

b: subscribe to a mailing list which can get details of problems and/or fixes out to you as quickly as possible, and then ACT when you receive information.

>From: Wes Morgan <[email protected]>
>
> c: When installing/upgrading a given system, try to install/enable only
> those software packages for which you have an immediate or foreseeable
> need. Many packages include daemons or utilities which can reveal
> information to outsiders. For instance, AT&T System V Unix' accounting
> package includes acctcom(1), which will (by default) allow any user to
> review the daily accounting data for any other user. Many TCP/IP packages
> automatically install/run programs such as rwhod, fingerd, and
> <occasionally> tftpd, all of which can present security problems.
>
> Careful system administration is the solution. Most of these programs
> are initialized/started at boot time; you may wish to modify your boot
> scripts (usually in the /etc, /etc/rc, /etc/rcX.d directories) to prevent
> their execution. You may wish to remove some utilities completely.
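The boot-script review that Wes Morgan recommends can be scripted rather than done by eye. The following is an added example, written for this page and not part of the FAQ or of Morgan's post: a POSIX sh audit that walks an rc directory tree and reports every uncommented line that starts one of the daemons the post names (rwhod, fingerd, tftpd). The sample rc scripts it creates are constructed for the demonstration; the daemon list, the directory layout and the helper names are assumptions, so extend RISKY_DAEMONS to whatever your own site considers an unwanted listener.

```shell
#!/bin/sh
# Added example: audit boot scripts for network daemons that should not be
# started unless there is a real need for them. Assumes POSIX sh, grep, find.

# Daemons named in the FAQ as common sources of information exposure.
# Extend this alternation for your own environment (assumption, not a fixed list).
RISKY_DAEMONS='rwhod|fingerd|tftpd'

# list_risky_daemons DIR
# Prints "file:line:daemon" for every uncommented line under DIR that invokes
# one of the daemons in RISKY_DAEMONS, in sorted file order.
list_risky_daemons() {
    dir=$1
    find "$dir" -type f | sort | while read -r f; do
        # match the daemon as a whole word, possibly preceded by a path component
        grep -nE "(^|[[:space:]/])($RISKY_DAEMONS)([[:space:]]|$)" "$f" 2>/dev/null |
        grep -vE '^[0-9]+:[[:space:]]*#' |          # drop commented-out lines
        while IFS=: read -r lineno rest; do
            name=$(printf '%s\n' "$rest" | grep -oE "$RISKY_DAEMONS" | head -n 1)
            printf '%s:%s:%s\n' "$f" "$lineno" "$name"
        done
    done
}

# count_risky_daemons DIR
# Prints the number of findings, so a cron job or CI check can fail on non-zero.
count_risky_daemons() {
    list_risky_daemons "$1" | wc -l | tr -d ' '
}

# make_sample_rc DIR
# Writes constructed sample rc scripts (not real system files) into DIR.
make_sample_rc() {
    dir=$1
    mkdir -p "$dir/rc2.d"
    cat > "$dir/rc" <<'EOF'
#!/bin/sh
# constructed sample rc script
/usr/sbin/syslogd
/usr/sbin/rwhod
# /usr/sbin/fingerd is commented out and must not be reported
EOF
    cat > "$dir/rc2.d/S99tftp" <<'EOF'
#!/bin/sh
# constructed sample: tftpd started from a System V style rcX.d script
tftpd -s /tftpboot &
EOF
}

# Stand-alone demonstration: build the sample tree, report, clean up.
sample_dir=$(mktemp -d)
make_sample_rc "$sample_dir"
echo "Findings in $sample_dir:"
list_risky_daemons "$sample_dir"
echo "Total: $(count_risky_daemons "$sample_dir")"
rm -rf "$sample_dir"
```

Pointing list_risky_daemons at a real /etc/rc tree lists the exact file and line to edit; the commented-out fingerd line in the sample shows that disabling a daemon by commenting it out is enough to satisfy the check, while removing the binary, as the post also suggests, removes the exposure even if a script is later re-enabled.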