Protecting against downloads

Michael P. Deignan mpd at anomaly.sbs.com
Thu Sep 13 09:42:29 AEST 1990


heiser at sud509.ed.ray.com (Bill Heiser - Unix Sys Admin) writes:

>A *ix sysop I communite with recently told me that he'd caught one of
>his "shell-access" users downloading *ix binaries.  Since I'm getting
>ready to set up my system for public access, this concerns me.  How
>do you all who run public-access systems protect yourselves against this
>kind of thing?  If it went on for long enough, the person could get 
>himself an entire OS for free!!

Well, getting an entire OS for free is a bit far-fetched for a user to
accomplish, since there is a little more to the installation process than
merely copying files off a floppy disk onto a hard drive.

I don't mind shell users downloading binaries, and long as they are from
"freeware" type packages, like ELM, GCC, etc. I get upset when I see 
someone downloading my /bin/sh (which, with the proper patches to the
binary and re-uploaded might become a formidable tool for the wrong user)
which I purchased, and subsequently puts me in violation of my license
agreement. Of course, if someone said to me: "Hey, I just trashed my
/bin/csh, mind if I download yours?" and I know they have the same OS
that I do, then I don't mind too much (although, technically I suppose
that too is a violation of the same license agreement...)

>As far as I can see, we either have to trust the users that we give
>shell access to, or make kermit/sz, etc unavailable to them.  I guess
>we could just make downloads only available thru the "bbs", rather than
>from the shell ...

This is one way to prevent the problem from happening, albeit a bit 
difficult for legitimate shell users to grapple with. I find it is merely
easier to trust someone until they give me reason not to. Of course,
another *NIX user, with 'CU', could still '%get' a file from your system!


Right now, as I'm starting the process of getting a second modem installed
for our system, is wondering how I'm going to prevent shell users from
'<insert-your-favorite-comm-program-here>'ing off on my second line to
BBS's in the UK!

MD
MD
-- 
-- Michael P. Deignan, President     -- Small Business Systems, Inc. --
-- Domain: mpd at anomaly.sbs.com       -- Box 17220, Esmond, RI 02917  --
-- UUCP: ...uunet!rayssd!anomaly!mpd -- Telebit:  +1 401 455 0347    --
-- XENIX Archives: login: xxcp, password: xenix  Index: ~/SOFTLIST   --



More information about the Comp.unix.sysv386 mailing list