Bugtraq mailing list archives
Re: bin ownership problem
From: lcbginge () antelope wcc edu (Bruce Gingery)
Date: Thu, 19 May 1994 13:33:06 -0600 (MDT)
And on ONE system of my acquaintance, bin was for some reason set to uid=0, left defaulted to /bin/sh and / and null passworded. I'm certainly not going to post WHERE this was, but suffice that it's networked and is not *this* host nor directly connected to it. The report of that condition was from another party who has access to the host. I do not know if this has been corrected. If anyone is "lurking" here a quick grep of passwd might be in order if you have some hosts that are predominantly "left alone", usually accessed via network rather than via directly attached terminals. One more tip - the system I am referring to is a Unix system. The report of this setup is now several months old, so COULD have been discovered and repaired, though I doubt it. On that system, nothing "seems" to be owned by root ;-) Is this the ULTIMATE in security by obscurity? Bruce Gingery --- bruce () TotSysSoft com lcbginge () antelope wcc edu NeXT-mail and MIME-mail welcome On Thu, 19 May 1994, Perry E. Metzger wrote:
Brian Parent says:Ok, I'll expose my ignorance and ask, what is the specific vulnerability of bin owned files? I understand how it is a problem on NFS exported files to insecure hosts, but what is the risk for files/dirs on a locally non-exported file system? What about groups, is bin a bad group also?1) Someday, your file system might end up being exported. 2) On many systems, breaking bin is easier than breaking root. Perry
Current thread:
- Re: permissions, (continued)
- Re: permissions Howard the Energizer (May 17)
- Re: permissions Perry E. Metzger (May 17)
- Re: permissions Howard the Energizer (May 17)
- Re: permissions Bruce Gingery (May 17)
- Re: permissions Perry E. Metzger (May 17)
- Re: permissions Daniel Azuelos (May 17)
- Re: permissions rik.harris () vifp monash edu au (May 18)
- bin ownership problem Brian Parent (May 18)
- Re: bin ownership problem jmc () gnu ai mit edu (May 18)
- Re: bin ownership problem Casper Dik (May 19)
- Re: bin ownership problem Perry E. Metzger (May 19)
- Re: bin ownership problem Bruce Gingery (May 19)
- Re: permissions Howard the Energizer (May 17)
- Re: permissions Evil Pete (May 17)
- Re: Re: permissions Pete Hartman (May 17)
- Re: permissions Brad Powell - Sun CIS (May 18)