Path: utzoo!utgpu!watmath!uunet!xanth!mcnc!rutgers!mit-eddie!bu-cs!encore!bzs@encore.com
From: bzs@encore.com (Barry Shein)
Newsgroups: unix-pc.general
Subject: Re: /etc/shutdown permissions
Message-ID: <4272@encore.UUCP>
Date: 24 Nov 88 21:34:43 GMT
References: <234@safari.UUCP> <1349@umbc3.UMD.EDU> <426@amanue.UUCP>
Sender: news@encore.UUCP
Reply-To: bzs@encore.com (Barry Shein)
Distribution: unix-pc
Organization: Encore Computer Corp
Lines: 38
In-reply-to: jr@amanue.UUCP (Jim Rosenberg)

From: jr@amanue.UUCP (Jim Rosenberg)
>To be truthful, I can hardly believe in light of all the concern for security
>prompted by the (apparently) Morris Worm that anyone would seriously propose
>leaving 755 permissions on something like /etc/shutdown, for crying out loud!
>The off-the-shelf permissions on the 7300 are probably the worst of any
>commercially released UNIX box ever seen on the face of the earth. You should
>give your machine a thorough going over.

Jim, with all due respect, this is awful, panic-stricken advice...

If shutdown can be run w/o being root then it should take a 5-line C program
to effect the same thing if you protect it. You are wholly dependent on the
fact that some syscalls are root-only, and if you can't rely on it you are
SOL; no amount of running around shutting off permissions on files will
protect you. On my unix-pc, running shutdown simply gives an error message
and exits.

All this kind of advice is doing is panicking people, making them waste their
time doing things of questionable value and hence avoiding real issues (or at
the very least burying it in a bad signal-to-noise ratio, distracting folks
from understanding what they really need to do to get proper security on
their system, etc.)

I'll turn it on its head: make your /etc/shutdown 755; if executing it from a
non-super-uid account does anything, then you've got much deeper problems
that changing the mode on that file won't help at all, and you'd better deal
with those problems first.

There are certainly ways to improve security *in general* by changing files
to correct permissions, but let's get the list of correct, specific
suggestions that actually will help before we start hearing "omigod i did as
you said and made foo unexecutable and now i can't login/boot/compile
[whatever]!!" etc. and other incredible wastes of time.

	-Barry Shein, ||Encore||
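The "5-line C program" Barry alludes to, written out as an added example (it is not from the original post and not the 3B1's own shutdown code): it skips /etc/shutdown entirely and asks the kernel directly for operations that only a privileged process may perform. The file mode of /etc/shutdown never enters into it; what stops an ordinary user is the EPERM the kernel hands back. Two probes are used: setuid(0), which POSIX guarantees fails with EPERM for an unprivileged caller, and on Linux reboot(RB_DISABLE_CAD), which is gated by CAP_SYS_BOOT but, when it does succeed, only sets the Ctrl-Alt-Del policy (already the default on most systems) rather than taking the machine down. The probe names and the classification scheme are this example's own assumptions.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#ifdef __linux__
#include <sys/reboot.h>
#endif

/* Result of asking the kernel for a root-only operation. */
enum probe_result {
    PROBE_ALLOWED = 0,   /* kernel did it: we effectively are root */
    PROBE_REFUSED = 1,   /* kernel said EPERM: the real protection held */
    PROBE_OTHER   = -1   /* some other error (not available, etc.) */
};

/* Probe 1: become uid 0. Unprivileged callers get EPERM (POSIX);
   a real root caller succeeds and nothing observable changes. */
static int try_setuid0(void)
{
    return setuid(0);
}

/* Probe 2: the same gate shutdown ultimately relies on, reboot(2).
   RB_DISABLE_CAD needs CAP_SYS_BOOT on Linux but does not reboot;
   on other systems the probe reports itself as unavailable. */
static int try_cad_off(void)
{
#ifdef __linux__
    return reboot(RB_DISABLE_CAD);
#else
    errno = ENOSYS;
    return -1;
#endif
}

/* Run one probe and classify the kernel's answer. */
int run_probe(int (*fn)(void))
{
    errno = 0;
    if (fn() == 0)
        return PROBE_ALLOWED;
    return errno == EPERM ? PROBE_REFUSED : PROBE_OTHER;
}

/* Barry's test, turned on its head: from a non-root uid every probe
   must come back REFUSED. Returns 1 if the kernel held the line for
   all of them (or if we are root, where the question does not apply). */
int kernel_gates_hold(void)
{
    if (geteuid() == 0)
        return 1;
    return run_probe(try_setuid0) == PROBE_REFUSED &&
           run_probe(try_cad_off) == PROBE_REFUSED;
}

int main(void)
{
    struct { const char *name; int (*fn)(void); } probes[] = {
        { "setuid(0)",              try_setuid0 },
        { "reboot(RB_DISABLE_CAD)", try_cad_off },
    };
    printf("euid=%u\n", (unsigned)geteuid());
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        int r = run_probe(probes[i].fn);
        printf("%-24s -> %s%s%s\n", probes[i].name,
               r == PROBE_ALLOWED ? "allowed" :
               r == PROBE_REFUSED ? "refused (EPERM)" : "other: ",
               r == PROBE_OTHER ? strerror(errno) : "",
               "");
    }
    puts(kernel_gates_hold()
         ? "root-only syscalls are enforced; chmod on /etc/shutdown is beside the point"
         : "a privileged syscall succeeded from a non-root uid: fix THAT first");
    return 0;
}
```

Run it as an ordinary user: both probes come back EPERM, which is exactly why a 755 /etc/shutdown merely "gives an error message and exits". If either probe were allowed from a non-root uid, the machine would have the deeper problem Barry describes, and no file mode would paper over it.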