How secure is UNIX?

Skip Montanaro montnaro at spyder.crd.ge.com
Wed May 30 01:16:06 AEST 1990


In article <1990May29.022854.22733 at smsc.sony.com> dce at smsc.sony.com (David Elliott) writes:

   I think that the problem here, Sam, is that the .netrc file is "an
   attractive nuisance".  Not only does the .netrc file give you a place
   to put a password, the documentation tells you that this feature won't
   be used if the file is readable by others.  In essence, it is saying
   "it's safe to put passwords here".

Shouldn't the ftp daemon on the receiving end set the file permissions
pessimistically? On Suns at least, the mode on the receiving end is 666.
(Ultrix appears to set the mode to 644, which for the current discussion is
no better than 666.) If the modes are going to be mangled, I'd rather they
were mangled to 600. The case of ~/.netrc is just one problem. As another
example, mail files often contain sensitive information (like passwords :-).
Having them created mode 666 can be just as damaging.
--
Skip (montanaro at crdgw1.ge.com)
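
The difference between a permissive and a pessimistic create on the receiving end, as an added example that is not part of the original post or of any ftp daemon's source. The function names and the temporary path are hypothetical, and the umask values 000 and 022 are assumptions chosen only so the permissive results come out as the 666 and 644 modes mentioned above.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Permissive create: asks for 0666, so the umask alone decides the result. */
int create_permissive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0666);
}

/* Pessimistic create: owner-only before any data is written. O_EXCL refuses
 * a pre-existing file (whose mode we did not choose); fchmod pins 0600 even
 * when the umask has cleared owner bits. */
int create_private(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    if (fchmod(fd, 0600) != 0) { close(fd); unlink(path); return -1; }
    return fd;
}

/* Create a file (constructed name, inside a private temp directory) under
 * the given umask and return its permission bits, or -1 on failure. */
int resulting_mode(int (*create)(const char *), mode_t mask) {
    char dir[] = "/tmp/recvdemoXXXXXX";
    char path[64];
    struct stat st;
    int mode = -1;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(path, sizeof path, "%s/incoming", dir);
    mode_t old = umask(mask);
    int fd = create(path);
    umask(old);
    if (fd >= 0) {
        if (fstat(fd, &st) == 0) mode = (int)(st.st_mode & 0777);
        close(fd);
        unlink(path);
    }
    rmdir(dir);
    return mode;
}

int main(void) {
    printf("permissive, umask 000: %03o\n", (unsigned)resulting_mode(create_permissive, 0));
    printf("permissive, umask 022: %03o\n", (unsigned)resulting_mode(create_permissive, 022));
    printf("private,    umask 000: %03o\n", (unsigned)resulting_mode(create_private, 0));
    return 0;
}
```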


