Xref: utzoo alt.security:1528 alt.bbs:2916 comp.unix.sysv386:327 Path: utzoo!utgpu!cs.utexas.edu!uunet!bu.edu!mirror!rayssd!anomaly!mpd From: mpd@anomaly.sbs.com (Michael P. Deignan) Newsgroups: alt.security,alt.bbs,comp.unix.sysv386 Subject: Re: Protecting against downloads Message-ID: <3102@anomaly.sbs.com> Date: 12 Sep 90 23:42:29 GMT References: <22@tdw205.ed.ray.com> Followup-To: alt.security Organization: Small Business Systems, Inc., Esmond, RI 02917 Lines: 46 heiser@sud509.ed.ray.com (Bill Heiser - Unix Sys Admin) writes: >A *ix sysop I communite with recently told me that he'd caught one of >his "shell-access" users downloading *ix binaries. Since I'm getting >ready to set up my system for public access, this concerns me. How >do you all who run public-access systems protect yourselves against this >kind of thing? If it went on for long enough, the person could get >himself an entire OS for free!! Well, getting an entire OS for free is a bit far-fetched for a user to accomplish, since there is a little more to the installation process than merely copying files off a floppy disk onto a hard drive. I don't mind shell users downloading binaries, and long as they are from "freeware" type packages, like ELM, GCC, etc. I get upset when I see someone downloading my /bin/sh (which, with the proper patches to the binary and re-uploaded might become a formidable tool for the wrong user) which I purchased, and subsequently puts me in violation of my license agreement. Of course, if someone said to me: "Hey, I just trashed my /bin/csh, mind if I download yours?" and I know they have the same OS that I do, then I don't mind too much (although, technically I suppose that too is a violation of the same license agreement...) >As far as I can see, we either have to trust the users that we give >shell access to, or make kermit/sz, etc unavailable to them. I guess >we could just make downloads only available thru the "bbs", rather than >from the shell ... This is one way to prevent the problem from happening, albeit a bit difficult for legitimate shell users to grapple with. I find it is merely easier to trust someone until they give me reason not to. Of course, another *NIX user, with 'CU', could still '%get' a file from your system! Right now, as I'm starting the process of getting a second modem installed for our system, is wondering how I'm going to prevent shell users from ''ing off on my second line to BBS's in the UK! MD MD -- -- Michael P. Deignan, President -- Small Business Systems, Inc. -- -- Domain: mpd@anomaly.sbs.com -- Box 17220, Esmond, RI 02917 -- -- UUCP: ...uunet!rayssd!anomaly!mpd -- Telebit: +1 401 455 0347 -- -- XENIX Archives: login: xxcp, password: xenix Index: ~/SOFTLIST --