How secure is UNIX?

David Elliott dce at smsc.sony.com
Tue May 29 02:22:58 AEST 1990


In article <1990May28.102235.10021 at agate.berkeley.edu> dankg at ocf.Berkeley.EDU (Dan Kogai) writes:
>In article <9000030 at m.cs.uiuc.edu> carroll at m.cs.uiuc.edu writes:
>>in it. Does FTP check for .netrc specially? If not, then this seems to
>>claim that you ftp'd the .netrc and it was that copy that was used,
>>not your 600 .netrc.
>
>	It might be system dependent but ALL ftp I know refuses to use
>.netrc with wrong mode.

Hold on, Dan.  I think that carrol at m.cs.uiuc.edu is asking "when going
a get or a put, does ftp check for .netrc specially".  That is, is it
possible that you did a get/put of everything in a directory, and
that your .netrc got copied to a new place without being protected?

This is what the note you found implied to me as well -- that the
"rapist" found a file called .netrc that wasn't mode 0600, and got
your password from that file.

-- 
David Elliott
dce at smsc.sony.com | ...!{uunet,mips}!sonyusa!dce
(408)944-4073
"If I had a hat the size of Oklahoma, I'd be a happy person."



More information about the Comp.unix.questions mailing list