Protecting against downloads

Karl Denninger karl at naitc.uucp
Fri Sep 14 01:48:22 AEST 1990


In article <22 at tdw205.ed.ray.com> heiser at sud509.ed.ray.com (Bill Heiser - Unix Sys Admin) writes:
>
>A *ix sysop I communicate with recently told me that he'd caught one of
>his "shell-access" users downloading *ix binaries.  Since I'm getting
>ready to set up my system for public access, this concerns me.  How
>do you all who run public-access systems protect yourselves against this
>kind of thing?  If it went on for long enough, the person could get 
>himself an entire OS for free!!
>
>As far as I can see, we either have to trust the users that we give
>shell access to, or make kermit/sz, etc unavailable to them.  I guess
>we could just make downloads only available thru the "bbs", rather than
>from the shell ...
>
>Anyone else have any ideas on this?  How do you all deal with this?

Easy.  Remove read access for everyone other than root on all the system
executables and files.  Now you can't download the files, since you can't
open them for read access.

MOST systems ship with the entire contents of /bin, /usr/bin, and even /etc
readable by world!  This, needless to say, is complete garbage; there's no
reason in the world why someone has to have read access to /bin/cc!

I would consider that any manufacturer who does this is at least guilty of
contributory negligence if their software gets stolen.  And the list that I
know of includes Microport, AT&T, ISC, SCO, and others.  Yep, all the '386
Unix people.

Now, if you are so inclined and decide to, you can actually remove read
access on all these files.  Or you can just let them have 'at it, figuring
that the manufacturer wanted them world-readable, since he/she left them
that way.

--
Karl Denninger	AC Nielsen
kdenning at ksun.naitc.com
(708) 317-3285
Disclaimer:  Contents represent opinions of the author; I do not speak for
	     AC Nielsen on Usenet.
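
An added example, not part of the original post: a dry-run-first audit of the permission change described in the reply above. The helper name `strip_world_read` and the sample tree are assumptions made for illustration; the script skips `#!` files because on most Unix systems an interpreter must be able to read a script to run it, so execute-only works for compiled binaries but not for scripts.

```shell
#!/bin/sh
# Added example (not from the original post). strip_world_read is a
# hypothetical helper name.
# Usage: strip_world_read DIR [apply]
# Finds regular files in DIR that "other" may both read and execute.
# Default is a dry run; "apply" removes other-read, keeping execute.
strip_world_read() {
    dir=$1
    mode=${2:-report}
    # -perm -005: other-read and other-execute bits are both set
    find "$dir" -type f -perm -005 -print | while IFS= read -r f; do
        # First two bytes "#!" mark an interpreted script. The interpreter
        # has to open the script for reading, so leave those alone.
        magic=$(dd if="$f" bs=2 count=1 2>/dev/null | tr -d '\000')
        if [ "$magic" = "#!" ]; then
            echo "skip-script $f"
        elif [ "$mode" = "apply" ]; then
            chmod o-r "$f" && echo "changed $f"
        else
            echo "would-change $f"
        fi
    done
}

# Constructed sample tree so the example runs offline as a dry run.
demo=$(mktemp -d)
printf '\177ELFconstructed-binary' > "$demo/cc"
printf '#!/bin/sh\necho hello\n' > "$demo/hello"
chmod 755 "$demo/cc" "$demo/hello"
strip_world_read "$demo"
rm -rf "$demo"
```

Review the dry-run listing before passing `apply`, since anything that reads a binary as data (rather than executing it) will stop working for ordinary users once other-read is gone.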



More information about the Comp.unix.sysv386 mailing list