Path: utzoo!utgpu!news-server.csri.toronto.edu!mailrus!cs.utexas.edu!samsung!zaphod.mps.ohio-state.edu!sdd.hp.com!hplabs!hpda!hpcuhb!hpcllla!hpclisp!defaria@hpclapd.HP.COM
From: defaria@hpclapd.HP.COM (Andy DeFaria)
Newsgroups: comp.unix.questions
Subject: Re: How secure is UNIX? (Re: Stupid man pages)
Message-ID: <720016@hpclapd.HP.COM>
Date: 8 Jun 90 16:18:07 GMT
References: <1990May23.100928.10699@agate.berkeley.edu>
Organization: Hewlett-Packard Calif. Language Lab
Lines: 37

>/ hpclapd:comp.unix.questions / jik@athena.mit.edu (Jonathan I. Kamens) / 2:46 pm Jun 6, 1990 /
>In article <720015@hpclapd.HP.COM>, defaria@hpclapd.HP.COM (Andy
>DeFaria) writes:
>|> I'm no security guru on Unix but it seems to me that the way around this
>|> problem would be to remove this silly restriction and allow ftp (and
>|> others?) to send encrypted passwords to the other host.
>
>  I thought I already explained this.  Sigh.
>
>  Let's assume that what you said is possible.  In that case, I do the
>following:
>
>1. Log into your machine.
>2. Grab the encrypted password for root out of the (publicly readable)
                                                     ^^^^^^^^^^^^^^^^^
>   /etc/passwd.
>3. "Ftp localhost".
>4. Use username "root", and the encrypted password I've already snarfed.
>
>Presto, I've just ftp'd as root, without ever knowing the root password!
>
>  There is a fundamental concept you're missing -- the act of encrypting
>the password and comparing it to the password in /etc/passwd is the
>authentication; if you don't do the encryption, you haven't proven anything.
>
>  (How many times am I going to have to explain this?)
>
>Jonathan Kamens                     USnail:
>MIT Project Athena                  11 Ashford Terrace
>jik@Athena.MIT.EDU                  Allston, MA 02134
>Office: 617-253-8495                Home: 617-782-0710
>----------

I thought I explained this.  IMHO /etc/passwd should NOT be publicly readable.
If this were true then you couldn't ftp as root because you wouldn't even
know the encrypted password, which, IMHO, you shouldn't have access to.
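
The difference between the two verification schemes debated in this thread, as an added example that is not part of either poster's message. It assumes a salted SHA-256 as a stand-in for crypt(3); PasswdFile, verify_by_hashing and verify_prehashed are hypothetical names, and the password is constructed sample data.

```python
import hashlib
import hmac
import os

# Constructed stand-in for crypt(3): salted SHA-256, hex-encoded.
# (Assumption for illustration; this is not the DES-based crypt of 1990.)
def hash_password(password: str, salt: bytes) -> str:
    return hashlib.sha256(salt + password.encode()).hexdigest()

class PasswdFile:
    """Hypothetical model of /etc/passwd with a readable hash field."""
    def __init__(self):
        self._entries = {}  # user -> (salt, stored_hash)

    def add_user(self, user: str, password: str) -> None:
        salt = os.urandom(8)
        self._entries[user] = (salt, hash_password(password, salt))

    def read_entry(self, user: str):
        # Models what any reader of the file can obtain.
        return self._entries[user]

def verify_by_hashing(db: PasswdFile, user: str, submitted: str) -> bool:
    """Server hashes what the client sent, then compares (the normal check)."""
    salt, stored = db.read_entry(user)
    return hmac.compare_digest(hash_password(submitted, salt), stored)

def verify_prehashed(db: PasswdFile, user: str, submitted_hash: str) -> bool:
    """Proposed scheme: client sends the hashed value, server only compares."""
    _, stored = db.read_entry(user)
    return hmac.compare_digest(submitted_hash, stored)

def demo() -> dict:
    db = PasswdFile()
    db.add_user("root", "constructed-sample-password")
    _, file_value = db.read_entry("root")  # value copied from the file
    return {
        "real_password_with_hashing": verify_by_hashing(
            db, "root", "constructed-sample-password"),
        "file_value_with_hashing": verify_by_hashing(db, "root", file_value),
        "file_value_with_compare_only": verify_prehashed(db, "root", file_value),
    }

if __name__ == "__main__":
    for check, accepted in demo().items():
        print(f"{check}: {accepted}")
```

With compare-only verification the stored field is itself the credential, so the check proves only that the client has seen the file's contents, not that it knows the password.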