From: Steve Kotsopoulos steve@ecf.toronto.edu
Subject: security - things to be aware of
Date: Wed, 18 Oct 1995 11:57:54 -0400
Message-ID: <19951018155754.Y3REURIZ3FIhbvdfx0cgMkCEZyWGL5dzO6TBq6mfztI@z>

If someone sets up their plan9 system according to the manuals, anyone on
the internet can telnet/rlogin in as 'none' without a password and steal
all the source code and binaries - saving the price of the CDROM.

The installation notes for the old release said to 'chmod 770 /sys/src'
(to protect the source) but that is not mentioned in the new docs.
Any site allowing anonymous telnet/rlogin should probably chmod /sys/src,
I'm not sure what the lawyers and publisher would say if you don't.

To disable this anonymous access, use the undocumented '-N' option
to aux/telnetd and aux/ftp, which disallows logins as 'none'.
Since aux/rlogin execs aux/telnetd without the '-N' option, the only
protection may be to patch the source, or remove /bin/service/tcp513

Finally, ip/tftpd grants access to any world-readable file.
The main concern here is that people using u9fs as their file server
probably have an /etc/passwd file from their Unix system accessible.
If so, make sure you don't have any encrypted passwords in it,
or someone could steal it and use 'crack' to break the passwords.
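
The /etc/passwd check recommended above for u9fs hosts can be scripted on the Unix side; this is an added example, not part of the original message. It assumes a passwd(5)-format file and treats `x`, `*...` and `!...` in the second field as shadow or lock markers; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a passwd(5)-format file that tftpd or u9fs may expose.
# Reports every account whose password field is empty or holds anything
# other than a shadow/lock marker, since such a value can be fed to a cracker.

audit_passwd() {
    # $1: path to the passwd-format file to audit
    # Prints one finding per line; exit status is 1 if anything was found.
    awk -F: '
        BEGIN { bad = 0 }
        /^[ \t]*(#|$)/ { next }                 # comments and blank lines
        /^[+-]/ { next }                        # NIS compat entries
        NF < 7 { printf "MALFORMED line %d\n", NR; bad = 1; next }
        $2 == "" { printf "EMPTY %s\n", $1; bad = 1; next }
        $2 == "x" || $2 ~ /^[*!]/ { next }      # shadowed or locked account
        { printf "HASH %s\n", $1; bad = 1 }     # anything else: assume a hash
        END { exit bad }
    ' "$1"
}

# Constructed sample input; the hash value is a placeholder, not a real hash.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/sh
# constructed sample data
alice:CONSTRUCTEDHASH:1001:100:Alice:/home/alice:/bin/sh
bob:*:1002:100:Bob:/home/bob:/bin/sh
guest::1003:100:Guest:/home/guest:/bin/sh
carol:!locked:1004:100:Carol:/home/carol:/bin/sh
dave:x:1005
+::0:0:::
EOF
}

# Demo run against the constructed sample.
tmp=$(mktemp) && sample_passwd > "$tmp"
audit_passwd "$tmp" || echo "passwd file exposes crackable or empty password fields"
rm -f "$tmp"
```

Run `audit_passwd /etc/passwd` on the host backing u9fs; a clean file prints nothing and returns 0.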