[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [K12OSN] Safety of Allowing Access from Internet



On Fri, Dec 06, 2002 at 11:59:24AM +1300, Steve Wright wrote:
> Hans Ekbrand wrote:
>> Steve Wright wrote:

[...]

> >>Consider also, that if an attacker gains entry to a user account - can 
> >>they then get 'root' privilege on that machine, and the next machine in 
> >>the network.  This must not happen.  The classic way of securing FTP was 
> >>to run the FTP daemon in a 'chroot jail.'  This way, the attacker can 
> >>`cd /` and they don't get your root directory.  8-)  The same could be 
> >>done for your /home directory, I am sure.
> >>
> >
> >I don't get what you mean here.
> >
> 
> I am suggesting that once an attacker is 'in' as a normal user, their 
> quest for 'root' privilege is mostly won.

Again, I think you understate the risk that local users are the black
hats. Or, phrased differently, you already have normal users that are
in; "the attacker" here is just one more of them... One way to secure
a box from local users (and thereby making it harder for an attacker
who has hacked a normal user account) is to REMOVE sudo from the
system, and make su only executable by root. If used in combination
with the noexec option for mount, that gives a pretty tight system.

(If you also disable root-logins from the console in /etc/securetty,
then you can even get away with the attacker getting the root
password: the only way to get in as root is via ssh and the right
secret key)

>  It is important to make sure 
> that the attackers' path towards 'root' is a dead-end, ie, a chroot jail.
> 
> 8-/  I am assuming readers are familiar with a chroot jail...  (where a 
> program is executed in its own environment using the `chroot` command.)
> This way, it is impossible for any application (ie, FTP Server) to `cd 
> ../../` back directories to get to the *actual*  /  directory - and 
> therefore impossible for system access except what is specifically 
> copied to the chroot'ed directory.

What if the ftpd hits a buffer overflow, will that be a security risk?

And besides, what good use can there be for ftp in this case. The
users' private files should not be accessible for everyone in the
world, and ftp authentication is done in clear text so that is also
ruled out. For file-sharing of general purpose files, there is no need
to use the terminal server for that, is there?

-- 
Hans Ekbrand (http://sociologi.cjb.net) <hans sociologi cjb net>
GnuPG key: 1024D/7050614E (currently active subkey 03CE8884)
Fingerprint: 1408 C8D5 1E7D 4C9C C27E  014F 7C2C 872A 7050 614E
Key available at keyserver.kjsl.com   Encrypted emails preferred.

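The local-hardening steps in the reply above (no sudo, su executable by root only, noexec on the mounts users can write to, root locked out of the console via /etc/securetty, root reachable only over ssh with a key) can be audited with a short script. The following is an added example and is not code from the thread or from the K12LTSP project: it writes constructed copies of fstab, securetty and sshd_config into a temporary directory, a "weak" set as a stock install might ship and a "hard" set matching the advice, and runs the same checks against each, so the functions can be pointed at the real /etc files afterwards. Assumptions not stated in the message: /home and /tmp are the filesystems that get noexec (nosuid is added alongside), and "ssh and the right secret key" means PermitRootLogin without-password (the OpenSSH spelling of the time; prohibit-password on current releases).

```shell
#!/bin/sh
# Added example (not from the K12OSN thread): audit the local-hardening
# advice above. Every check takes a file path, so it runs against the
# constructed samples made below or against real /etc files; nothing here
# modifies the system.

# Check 1: is sudo gone?  True when the given path does not exist.
absent() { [ ! -e "$1" ]; }

# Check 2: is the file (meant for /bin/su) executable by its owner only?
# Reads the group+other bits from ls -l, which works on GNU and BSD alike.
owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Check 3: does the fstab entry for a mount point carry noexec?
# awk: field 2 is the mount point, field 4 the comma-separated options.
# Fails if the mount point is not listed at all.
fstab_has_noexec() {
    awk -v mp="$2" '
        $1 !~ /^#/ && $2 == mp { seen = 1; if ($4 ~ /(^|,)noexec(,|$)/) ok = 1 }
        END { if (seen && ok) exit 0; exit 1 }' "$1"
}

# Check 4: does securetty deny root on the console and virtual terminals?
# True when the file exists and no non-comment line names console, ttyN
# or vc/N. A missing file is treated as a failure (conservative choice).
securetty_denies_console() {
    [ -f "$1" ] && ! grep -Eq '^(console|tty[0-9]+|vc/[0-9]+)[[:space:]]*$' "$1"
}

# Check 5: can root log in over ssh only with a key?  Assumes
# "PermitRootLogin without-password" (2002 OpenSSH) or its modern
# synonym "prohibit-password"; anything else (yes, no, unset) fails.
sshd_root_key_only() {
    grep -Eiq '^[[:space:]]*PermitRootLogin[[:space:]]+(without-password|prohibit-password)[[:space:]]*$' "$1"
}

# Constructed sample files (not copied from any real host): a "weak" set
# as a stock install might ship, and a "hard" set matching the advice.
make_samples() {
    d=$1
    cat > "$d/fstab.weak" <<'EOF'
/dev/hda1  /      ext3  defaults  1 1
/dev/hda2  /home  ext3  defaults  1 2
EOF
    cat > "$d/fstab.hard" <<'EOF'
# user-writable filesystems: no setuid binaries, no direct execution
/dev/hda1  /      ext3   defaults                1 1
/dev/hda2  /home  ext3   defaults,nosuid,noexec  1 2
none       /tmp   tmpfs  defaults,nosuid,noexec  0 0
EOF
    printf 'console\ntty1\ntty2\n' > "$d/securetty.weak"
    : > "$d/securetty.hard"                      # empty: no local root login
    printf 'PermitRootLogin yes\n'              > "$d/sshd.weak"
    printf 'PermitRootLogin without-password\n' > "$d/sshd.hard"
    : > "$d/sudo.weak"                           # sudo present; no sudo.hard
    printf '#!/bin/sh\n' > "$d/su.weak"; chmod 755 "$d/su.weak"
    printf '#!/bin/sh\n' > "$d/su.hard"; chmod 700 "$d/su.hard"
}

# Run all checks against one sample set ("weak" or "hard"), print one
# line per check and return the number of failures (0 = matches the advice).
# $c is word-split on purpose; the paths from mktemp contain no spaces.
audit() {
    d=$1 s=$2 fails=0
    for c in "absent $d/sudo.$s" \
             "owner_only $d/su.$s" \
             "fstab_has_noexec $d/fstab.$s /home" \
             "fstab_has_noexec $d/fstab.$s /tmp" \
             "securetty_denies_console $d/securetty.$s" \
             "sshd_root_key_only $d/sshd.$s"; do
        if $c; then echo "PASS: $c"; else echo "FAIL: $c"; fails=$((fails + 1)); fi
    done
    return $fails
}

SAMPLES=$(mktemp -d)
make_samples "$SAMPLES"
echo "== weak (stock) =="; audit "$SAMPLES" weak || true
echo "== hard (as advised) =="; audit "$SAMPLES" hard || true
```

Two caveats worth keeping in mind when reading the PASS lines: noexec only stops direct execution of binaries on that filesystem, it does not stop `sh /home/user/x.sh` or `perl /home/user/x.pl`, so it is a speed bump rather than a wall; and removing sudo and locking su only closes the obvious doors, so the next step on a real box is `find / -perm -4000 -type f` to see which other setuid programs a local user can still reach.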