Bugtraq mailing list archives

Bad Advice


From: cklaus () shadow net (Christopher Klaus)
Date: Sun, 24 Jul 94 16:39:32 EDT


Here is some advice from Sun that I highly recommend you DO NOT DO.

If you look at the MAN page for ftpd, you will see the following 
advice: 

     the following rules are recommended. 
     ~ftp)
          Make the home directory owned by ``ftp'' and unwritable
          by anyone. 

I highly recommend you change that to owned by ``root''.  If anyone can log
in as ftp, there is nothing to stop them from doing SITE CHMOD 777 to the
main directory and putting .rhosts or .forward there allowing instant
access. 

With advice like that, who needs trojans? 


-- 
Christopher William Klaus  <cklaus () shadow net>  <iss () shadow net>
Internet Security Systems, Inc.         Computer Security Consulting
2209 Summit Place Drive,              Penetration Analysis of Networks
Atlanta,GA 30350-2430. (404)998-5871.
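
Added example, not part of the original post: an audit check for the ~ftp ownership problem described above, flagging a home directory that is owned by the ``ftp'' account, is not owned by root, is group- or world-writable, or already holds a .rhosts or .forward file. The function name, the finding labels and the `ftp_uid` parameter are assumptions made for this illustration; the directory it inspects in `demo()` is a constructed temporary one.

```python
import os
import stat
import tempfile

# Files named in the post as granting access when placed in ~ftp.
RISKY_DOTFILES = (".rhosts", ".forward")


def audit_ftp_home(path, ftp_uid):
    """Return findings for the anonymous-FTP home directory at `path`.
    ftp_uid: numeric uid of the ftp account (e.g. pwd.getpwnam("ftp").pw_uid)."""
    findings = []
    st = os.lstat(path)
    if not stat.S_ISDIR(st.st_mode):
        return ["not-a-directory"]
    # A directory's owner can always chmod it, so an unwritable mode does
    # not help when the owner is the account anonymous sessions run as.
    if st.st_uid == ftp_uid:
        findings.append("owner-is-ftp")
    if st.st_uid != 0:
        findings.append("owner-not-root")
    if st.st_mode & stat.S_IWGRP:
        findings.append("group-writable")
    if st.st_mode & stat.S_IWOTH:
        findings.append("world-writable")
    for name in RISKY_DOTFILES:
        if os.path.lexists(os.path.join(path, name)):
            findings.append("dotfile:" + name)
    return findings


def demo():
    """Audit a constructed ~ftp: first as the man page recommends (owned by
    ftp, unwritable), then in the state the post warns it can end up in."""
    with tempfile.TemporaryDirectory() as home:
        os.chmod(home, 0o555)
        before = audit_ftp_home(home, ftp_uid=os.getuid())
        os.chmod(home, 0o777)
        open(os.path.join(home, ".rhosts"), "w").close()
        after = audit_ftp_home(home, ftp_uid=os.getuid())
        return before, after


if __name__ == "__main__":
    for label, result in zip(("mode 555, owned by ftp", "mode 777 + .rhosts"), demo()):
        print(label, "->", result)
```

Even the mode-555 directory is reported as `owner-is-ftp`, which is the condition the post objects to.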


