Path: utzoo!utgpu!news-server.csri.toronto.edu!mailrus!uwm.edu!bionet!agate!tornado.Berkeley.EDU!dankg
From: dankg@tornado.Berkeley.EDU (Dan KoGai)
Newsgroups: comp.unix.questions
Subject: Re: How secure is UNIX?
Keywords: Security, ftp
Message-ID: <1990May28.102235.10021@agate.berkeley.edu>
Date: 28 May 90 10:22:35 GMT
References: <100928@<1990May23> <9000030@m.cs.uiuc.edu>
Sender: usenet@agate.berkeley.edu (USENET Administrator;;;;ZU44)
Reply-To: dankg@ocf.Berkeley.EDU (Dan Kogai)
Organization: ucb
Lines: 38

In article <9000030@m.cs.uiuc.edu> carroll@m.cs.uiuc.edu writes:
>---Begin copy---
>    Don't you hate it when you leave your password in a .netrc in
>    a directory of stuff you ftp'ed over from the web. I sure do.
>    Then anyone can just get your password and delete all of your
>    files in both accounts. Bummer.
>/* End of text from m.cs.uiuc.edu:comp.unix.questions */
>Perhaps I'm missing something, but it doesn't sound like a security
>violation. I assume that you have a .netrc file with your password
>in it. Does FTP check for .netrc specially? If not, then this seems to
>claim that you ftp'd the .netrc and it was that copy that was used,
>not your 600 .netrc.

It might be system dependent, but ALL ftp I know refuses to use .netrc with the wrong mode. And my Apollo account was not an exception. As soon as that message appeared I retested ftp, and it refused to use .netrc when the group|other bit was set. You can check it out just by chmod-ing your .netrc and seeing how ftp would work. So in this respect, ftp is very well made--it even tells you about your unlocked door.

But that Bozo knew another door, and .netrc was used just for another account, and it's a fair assumption that my OCF account (this one), at the very least, is still in danger--things suggest that he at least had the capability of annihilating my OCF account, and .netrc made the situation worse.

And he started by screwing around in my ocf account, found my .netrc and read it, rlogin/ftp'd to my other account, deleted it and deleted the rest of ocf. So the absence of my password in .netrc could have prevented my other account from being annihilated, but this OCF account is still in danger. And this applies to other UNIX and other accounts, too.

----------------
 ____  __ __     + Dan The "raped" Man
||__||__|       + E-mail: dankg@ocf.berkeley.edu
 ____| ______   + Voice:  +1 415-549-6111
| |__|__|       + USnail: 1730 Laloma Berkeley, CA 94709 U.S.A
|___ |__|__|    +
 |____|____     + "What's the biggest U.S. export to Japan?"
 \_| |          + "Bullshit. It makes the best fertilizer for their rice"
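The check Dan describes (chmod your .netrc and watch whether ftp still honours it) can be reproduced without a live ftp server. The script below is an added example, not code from the post or from any ftp implementation; it mimics the rule BSD-derived ftp clients apply when reading .netrc: if the file carries a password for a machine and any group or other permission bit is set, the client refuses to use it and tells you so. The machine name ftp.example.org and the password are constructed sample data; the login name dankg is taken from the post.

```shell
#!/bin/sh
# netrc_check FILE
#   Mimics the refusal a BSD-style ftp makes for a .netrc that stores a
#   password but is readable or writable by group or others.
#   Returns 0 if ftp would use the file, 1 if it would refuse it,
#   2 if the file does not exist.
netrc_check() {
    f="$1"
    [ -f "$f" ] || { echo "no such file: $f" >&2; return 2; }

    # Group and other part of the mode string from ls -ld, columns 5-10,
    # e.g. "-rw-r--r--" -> "r--r--". Portable across GNU and BSD ls.
    go=$(ls -ld "$f" | cut -c5-10)

    # ftp only cares about the mode when the file actually stores a
    # password (token "password" or "passwd"); an anonymous-only .netrc
    # is fine at any mode.
    if grep -q -e password -e passwd "$f"; then
        case "$go" in
            ------) return 0 ;;   # 0600 or stricter: ftp uses it
            *)
                echo "$f: stores a password but is readable by others (group/other bits: $go)" >&2
                echo "  remove the password or chmod 600 the file" >&2
                return 1 ;;
        esac
    fi
    return 0
}

# netrc_demo
#   Builds two constructed .netrc files with the same contents, one at
#   mode 600 and one at mode 644, and runs the check on each.
netrc_demo() {
    d=$(mktemp -d) || return 2
    # Constructed sample entry: hostname and password are made up.
    printf 'machine ftp.example.org login dankg password hunter2\n' > "$d/netrc_good"
    cp "$d/netrc_good" "$d/netrc_bad"
    chmod 600 "$d/netrc_good"
    chmod 644 "$d/netrc_bad"

    netrc_check "$d/netrc_good" && echo "netrc_good (mode 600): ftp would use it"
    netrc_check "$d/netrc_bad"  || echo "netrc_bad  (mode 644): ftp would refuse it"

    rm -rf "$d"
}

netrc_demo
```

The same test against a real client is `chmod 644 ~/.netrc; ftp somehost` and then `chmod 600 ~/.netrc; ftp somehost`: the first should print a warning and prompt for a login instead of auto-logging in. Note what the check does not cover, and what the post is really about: it only stops ftp itself from honouring a world-readable .netrc. Anyone who already has a shell in the account, or a copy of the file from a world-readable directory, can read the password regardless of the mode, so the lasting fix is not to keep a plaintext password in .netrc at all.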