Protecting against downloads

Gary Whisenhunt gwhisen at neutrino.urbana.mcd.mot.com
Fri Sep 14 05:37:08 AEST 1990


In article <22 at tdw205.ed.ray.com>, heiser at sud509.ed.ray.com (Bill Heiser
- Unix Sys Admin) writes:
|> 
|> A *ix sysop I communicate with recently told me that he'd caught one of
|> his "shell-access" users downloading *ix binaries.  Since I'm getting
|> ready to set up my system for public access, this concerns me.  How
|> do you all who run public-access systems protect yourselves against this
|> kind of thing?  If it went on for long enough, the person could get 
|> himself an entire OS for free!!
|> 
|> As far as I can see, we either have to trust the users that we give
|> shell access to, or make kermit/sz, etc unavailable to them.  I guess
|> we could just make downloads only available thru the "bbs", rather than
|> from the shell ...
|> 
|> Anyone else have any ideas on this?  How do you all deal with this?

Change the mode of the binaries that you want to protect to:

	-r-x--x--x

(assuming that the people using this are not the owners of the binaries
which they shouldn't be)

so that people can execute them but can't read them.

You also need to ensure that you can't ptrace one of these executables,
otherwise you can very slowly make copies of the executing images.
I can't really remember which variants of UNIX closed this door.


Gary Whisenhunt
Motorola Inc., MCD - Urbana		gwhisen at urbana.mcd.mot.com
1101 E. University Avenue		..!uiucdcs!udc!gwhisen
Urbana, IL 61801
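
Added example, not part of the original post: shell functions that apply the `-r-x--x--x` mode suggested in the reply across a directory. It goes one step beyond the post by leaving `#!` scripts alone, since the interpreter has to read them, and by keeping any setuid/setgid bits; the function names and the usage path are assumptions.

```sh
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.

# True if $1 starts with "#!". Interpreter scripts must stay readable,
# because the interpreter opens the file as the invoking user.
is_script() {
    [ "$(dd if="$1" bs=2 count=1 2>/dev/null | tr -d '\000')" = '#!' ]
}

# List regular files under $1 that the owner can execute and that
# group or other can read, i.e. candidates for -r-x--x--x.
readable_execs() {
    find "$1" -type f -perm -0100 \( -perm -0040 -o -perm -0004 \) -print
}

# Bring compiled executables under $1 to -r-x--x--x and report each
# action. Symbolic +/- clauses are used instead of "chmod 0511" so that
# setuid/setgid bits are left as they were. Scripts are only reported.
lock_down() {
    readable_execs "$1" | while IFS= read -r f; do
        if is_script "$f"; then
            echo "skipped (script, needs read): $f"
        else
            chmod u+rx,u-w,go-rw,go+x "$f" && echo "now -r-x--x--x: $f"
        fi
    done
}

# Usage (path is an assumption): lock_down /usr/local/bin
```
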


