|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Bad Advise
Christopher Klaus (cklaus
shadow.net)Sun, 24 Jul 94 16:39:32 EDT
- Messages sorted by: [ date ][ thread ][ subject ][ author ]
- Next message: smbresearch.att.com: "Re: Bad Advise"
- Previous message: Andrew Beckett: "Re: coredumps on setuid programs."
- Next in thread: smbresearch.att.com: "Re: Bad Advise"
Here is some advise from Sun that I highly recommend you DO NOT DO.
If you look at the MAN page for ftpd, you will see the following
advise:
the following rules are recommended.
~ftp)
Make the home directory owned by ``ftp'' and unwritable
by anyone.
I highly recommend you change that to owned by ``root''. If anyone can log
in as ftp, there is nothing to stop them from doing SITE CHMOD 777 to the
main directory and putting .rhosts or .forward there allowing instant
access.
With advise like that, who needs trojans?
--
Christopher William Klaus <cklausshadow.net> <issshadow.net>
Internet Security Systems, Inc. Computer Security Consulting
2209 Summit Place Drive, Penetration Analysis of Networks
Atlanta,GA 30350-2430. (404)998-5871.
- Next message: smbresearch.att.com: "Re: Bad Advise"
- Previous message: Andrew Beckett: "Re: coredumps on setuid programs."
- Next in thread: smbresearch.att.com: "Re: Bad Advise"