Xref: utzoo alt.security:1534 alt.bbs:2924 comp.unix.sysv386:354
Path: utzoo!utgpu!cs.utexas.edu!samsung!munnari.oz.au!metro!ipso!craigb
From: craigb@ips.oz.au (Craig Bevins)
Newsgroups: alt.security,alt.bbs,comp.unix.sysv386
Subject: Re: Protecting against downloads
Message-ID: <1990Sep14.034306.16283@ips.oz.au>
Date: 14 Sep 90 03:43:06 GMT
References: <22@tdw205.ed.ray.com>
Organization: IPS Radio and Space Services. Sydney, Australia.
Lines: 33

In article <22@tdw205.ed.ray.com> heiser@sud509.ed.ray.com (Bill Heiser - Unix Sys Admin) writes:
>A *ix sysop I communicate with recently told me that he'd caught one of
>his "shell-access" users downloading *ix binaries. Since I'm getting
>ready to set up my system for public access, this concerns me. How
>do you all who run public-access systems protect yourselves against this
>kind of thing? If it went on for long enough, the person could get
>himself an entire OS for free!!

It's one thing to have the binaries, but how do you bootstrap them?
With time-charged calls, it seems like a pretty expensive way to get
yourself a Unix distribution anyway.

I have been involved for many years with a public access Unix system
where *everybody* has full shell access. I have seen some incredibly
stupid and anti-social shenanigans in my time, but never anybody trying
to download a free copy of Unix. And we don't have time-charged local
calls here in Oz, so it would be a much less expensive proposition.

Maybe this person was just a dick-head?

>As far as I can see, we either have to trust the users that we give
>shell access to, or make kermit/sz, etc unavailable to them. I guess
>we could just make downloads only available thru the "bbs", rather than
>from the shell ...

If your biggest problem with a public access system is that somebody
might rip off a few binaries, then you're miles in front of most of the
rest of us.

If this is really a concern, though, what's wrong with turning off the
"other" read bits (i.e. "chmod o-r")? Make sure you don't touch shell
scripts, though.

csb
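
The suggestion that closes the reply above (drop the "other" read bit on binaries, leave shell scripts alone), as an added example that is not part of the original post. It assumes compiled binaries are ELF files, as on modern Linux; `is_elf` and `strip_other_read` are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: compiled binaries are ELF files (modern Linux). Anything that is
# not recognised as ELF is left untouched, which also protects scripts that
# have no "#!" line.

# is_elf FILE: succeed if FILE starts with the ELF magic bytes 7f 45 4c 46.
is_elf() {
    magic=$(dd if="$1" bs=4 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "7f454c46" ]
}

# strip_other_read DIR: run "chmod o-r" on every ELF executable directly
# inside DIR. A binary only needs the execute bit to be run, so it keeps
# working for "other" but can no longer be copied or downloaded by them.
# A script must be opened and read by its interpreter, so it keeps o+r.
# Prints the path of each file that was changed, one per line.
strip_other_read() {
    for f in "$1"/*; do
        [ -f "$f" ] && [ ! -L "$f" ] || continue   # regular files, no symlinks
        [ -x "$f" ] || continue                    # executables only
        is_elf "$f" || continue                    # skip scripts and unknown formats
        chmod o-r "$f" && printf '%s\n' "$f"
    done
}
```

Review the printed list before applying this to a system directory: files owned by the same user or group as the downloader are still readable through the user and group bits.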