Xref: utzoo alt.security:1559 alt.bbs:2955 comp.unix.sysv386:442
Path: utzoo!attcan!uunet!rayssd!sud509!heiser@tdw201.ed.ray.com
From: heiser@tdw201.ed.ray.com
Newsgroups: alt.security,alt.bbs,comp.unix.sysv386
Subject: Re: Protecting against downloads
Message-ID: <2439@sud509.ed.ray.com>
Date: 17 Sep 90 15:12:34 GMT
References: <22@tdw205.ed.ray.com>
Sender: heiser@sud509.ed.ray.com (Bill Heiser - Unix Sys Admin @ Raytheon Company, Sudbury MA)
Organization: Raytheon Company, Sudbury MA
Lines: 37

In article epeterson@encore.com writes:
>
>What you might do is write a shell script (or hack the xmodem, kermit,
>or sz code) to check the user and group ID for each file that is being
>attempted to be transferred. If the UID and GID are "root" or "sys"
>or "bin" or some other system ID, then deny access to the file.
>Otherwise, let it go through as normal.

This sounds like an interesting idea. I'll have to give it some thought.

>There is also a command under System V called "chroot". What that

Another interesting idea. Maybe building a "mini file system", and
chrooting to it for remote shell users would give them the stuff they
need, yet protect me.

>| Run an MS-DOS system.
>
>ACK!! What makes MS-DOS so much better than Unix? If I had DOS shell
>access, I could still download the DOS binaries, so the problem would
>still exist, right? How would you solve it with a DOS system?
>

I run an MSDOS system now -- that's EXACTLY what I'm trying to get away
from! No sysop in their right mind would give any dos bbs users shell
access! There is NO security whatsoever under msdos...

--
Work: heiser@tdw201.ed.ray.com {decuac,necntc,uunet}!rayssd!tdw201!heiser
Home(1): bill%unixland.uucp@world.std.com -or- uunet!world!unixland!bill
Public Access Unix Coming Soon!
Home(2): Bill.Heiser@f240.n322.z1.fidonet.org (BBS: 1-508-655-3848)
Other: heiser@world.std.com (Pub. Access Unix)
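
The ownership check suggested in the quoted text, written as a wrapper around the transfer program. This is an added example, not code from the original post or from either poster. The function names and the DENY_OWNERS and SEND_CMD variables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: refuse to hand a file to the transfer program when its
# owner or group is a system ID. All names here are hypothetical.

# System IDs named in the post; extend this list for the local system.
DENY_OWNERS="${DENY_OWNERS:-root sys bin}"
# Transfer program to run for permitted files (assumption: sz).
SEND_CMD="${SEND_CMD:-sz}"

# Print "owner group" for the file a path resolves to. -L follows
# symlinks, so a user-owned link to a system file reports the target.
file_owner() {
    ls -ldL -- "$1" 2>/dev/null | awk '{ print $3, $4 }'
}

# Return 0 only for a regular file whose owner and group are both
# outside DENY_OWNERS. Missing paths and non-regular files are denied.
transfer_allowed() {
    [ -f "$1" ] || return 1
    og=$(file_owner "$1")
    [ -n "$og" ] || return 1
    case " $DENY_OWNERS " in
        *" ${og% *} "*|*" ${og#* } "*) return 1 ;;
    esac
    return 0
}

# Send each permitted file; report denied ones on stderr.
send_files() {
    rc=0
    for f in "$@"; do
        if transfer_allowed "$f"; then
            "$SEND_CMD" "$f" || rc=1
        else
            echo "transfer denied: $f" >&2
            rc=1
        fi
    done
    return $rc
}
```

Call `send_files "$@"` from the script users are given in place of the transfer program. The check and the later open are separate steps, so it is a filter on ownership and does not replace file permissions or the chroot approach discussed in the post.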