Re: file and directory ownership question
From: Volker Birk (bumens_at_dingens.org)
Date: Sat, 1 Nov 2003 15:55:01 +0100
Brad <firstname.lastname@example.org> wrote:
> What I am trying to quantify is what is the real world risk of having
> these files owned by bin as opposed to root and what sort of attacks
> could be carried out?

The problem is, if an attacker manages to exploit a daemon, and
that daemon is run by bin, then he/she can write all files and
directories which are owned by bin.

Best practice is to let root own all directories and files for
global configuration, and to have one user per daemon. Only daemons
which require it should be run as root, and for every such
daemon one should check if it can be replaced by a daemon which
does not need to have UID 0. Not to say, must it really be sendmail?

With HP-UX you have the problem that the default configuration is
very insecure. There are not even shadow passwords by default, and
the hashes are bad old DES.

The "trusted system" configuration perhaps could be a better choice.
But it has some strange side effects with some applications on HP-UX.

Perhaps configuring HP-UX manually, and porting PAM and shadow
passwords to it, using MD5 hashes rather than DES, or authenticating not by
passwd would be a good idea.

> Also are these risks alleviated by disabling the bin account?

No. Not at all.

> Can one still su or rsh to bin if it is disabled?

If you disable it by using an illegal hash value (i.e. '*' or '!'),
yes, one can.

-- X-Pie Software GmbH Postfach 1540, 88334 Bad Waldsee Phone +49-7524-996806 Fax +49-7524-996807 mailto:email@example.com http://www.x-pie.de
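
Added example, not part of the original message: a small ownership audit for the practice described in the reply above (root owns global files and directories). It reports entries owned by an account other than the trusted UID and, going one step beyond the post, root-owned entries that sit in a directory owned by another account, since the directory owner can rename or unlink them. The names `classify` and `audit_tree` and the default paths `/etc` and `/usr/bin` are assumptions made for this example.

```python
#!/usr/bin/env python3
"""Ownership audit for system trees (added example, not from the original post)."""
import os
import sys


def classify(entry_uid, parent_uid, trusted_uid=0):
    """Return why an entry is exposed to a non-trusted account, or None."""
    if entry_uid != trusted_uid:
        return f"owned by uid {entry_uid}"
    if parent_uid != trusted_uid:
        # The owner of a directory can rename or unlink the entries in it,
        # so a root-owned file in a bin-owned directory can be replaced.
        return f"replaceable: parent directory owned by uid {parent_uid}"
    return None


def audit_tree(top, trusted_uid=0):
    """Walk top without following symlinks; return sorted (path, reason) findings."""
    findings = []
    top_uid = os.lstat(top).st_uid
    if top_uid != trusted_uid:
        findings.append((top, f"owned by uid {top_uid}"))
    for dirpath, dirnames, filenames in os.walk(top):
        parent_uid = os.lstat(dirpath).st_uid
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                entry_uid = os.lstat(path).st_uid
            except OSError:
                continue  # entry vanished between listing and lstat
            reason = classify(entry_uid, parent_uid, trusted_uid)
            if reason:
                findings.append((path, reason))
    return sorted(findings)


if __name__ == "__main__":
    # Assumed default paths; pass the directories to audit as arguments.
    for top in sys.argv[1:] or ["/etc", "/usr/bin"]:
        for path, reason in audit_tree(top):
            print(f"{path}: {reason}")
```

Run it as root so every directory can be listed; each output line is a path that an account other than root could modify or replace.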