9fans - fans of the OS Plan 9 from Bell Labs
From: Steve Kotsopoulos steve@ecf.toronto.edu
Subject: security - things to be aware of
Date: Wed, 18 Oct 1995 11:57:54 -0400
Message-ID: <19951018155754.Y3REURIZ3FIhbvdfx0cgMkCEZyWGL5dzO6TBq6mfztI@z>

If someone sets up their plan9 system according to the manuals, anyone on
the internet can telnet/rlogin in as 'none' without a password and steal
all the source code and binaries - saving the price of the CDROM.

The installation notes for the old release said to 'chmod 770 /sys/src'
(to protect the source) but that is not mentioned in the new docs.
Any site allowing anonymous telnet/rlogin should probably chmod /sys/src;
I'm not sure what the lawyers and publisher would say if you don't.

To disable this anonymous access, use the undocumented '-N' option
to aux/telnetd and aux/ftp, which disallows logins as 'none'.

Since aux/rlogin execs aux/telnetd without the '-N' option, the only
protection may be to patch the source, or remove /bin/service/tcp513.

Finally, ip/tftpd grants access to any world-readable file.
The main concern here is that people using u9fs as their file server
probably have an /etc/passwd file from their Unix system accessible.
If so, make sure you don't have any encrypted passwords in it,
or someone could steal it and use 'crack' to break the passwords.
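
An added example, not part of the original message: a check for the Unix host behind u9fs that reports whether a passwd(5)-format file is world-readable and which entries still carry a password hash in the second field. The function names, the placeholder list and the sample entries are assumptions constructed for illustration.

```python
import os
import stat
import sys

# Field values that carry no hash (shadowed or disabled). Assumed list;
# extend it for your platform.
PLACEHOLDERS = {"x", "*", "!", "!!", "*LK*", "NP"}

# Constructed sample, used when no path is given on the command line.
SAMPLE = """\
root:AbCdEfGhIjKlM:0:0:root:/:/bin/sh
alice:x:100:100:Alice:/home/alice:/bin/sh
guest::101:101:Guest:/tmp:/bin/sh
"""

def classify(field):
    """Return 'empty', 'placeholder' or 'hash' for a password field."""
    if field == "":
        return "empty"
    # A lock prefix ("!" or "*") in front of a hash still leaks the hash.
    if field in PLACEHOLDERS or field.lstrip("!*") == "":
        return "placeholder"
    return "hash"

def scan(lines):
    """Return [(user, kind)] for every entry that is not a placeholder."""
    findings = []
    for line in lines:
        line = line.rstrip("\n")
        if not line or line[0] in "#+-":
            continue  # blank, comment, or NIS compat entry
        parts = line.split(":")
        kind = classify(parts[1]) if len(parts) >= 7 else "malformed"
        if kind != "placeholder":
            findings.append((parts[0], kind))
    return findings

def audit_passwd(path):
    """Return (world_readable, findings) for the file at path."""
    world_readable = bool(os.stat(path).st_mode & stat.S_IROTH)
    with open(path, encoding="utf-8", errors="replace") as fh:
        return world_readable, scan(fh)

if __name__ == "__main__":
    readable, issues = (audit_passwd(sys.argv[1]) if len(sys.argv) > 1
                        else (True, scan(SAMPLE.splitlines())))
    for user, kind in issues:
        print(f"{user}: password field is {kind}")
    sys.exit(1 if readable and any(k == "hash" for _, k in issues) else 0)
```

The script exits non-zero only when the file is both world-readable and contains at least one hash, which is the combination the message warns about.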





