tenny@ootool.dec.com (Dave Tenny) (02/28/91)
I have a real need to allow people I don't really know to dial into my NeXT (running 2.0), as part of a cooperative development effort. While I fully intend to learn as much about them as possible, have them sign some forms, etc., security is still a big issue.

Unfortunately, I know very little about Unix (especially NeXT specific) security holes, though in fact I've done quite a bit of security work on non-unix systems. So my general rule of thumb is to leave the NeXT directories and all system files with the protections they have when they ship, except for things modified in /etc for ttys, and UUCP related files.

For the directories I want protected from prying eyes, umasks and protections are all appropriate.

All accounts are password protected, and the people dialing up will have a special group id which won't be common to any other group.

So my question for NeXT experts is this: will my NeXT be reasonably secure for dialin access? Will the above precautions prevent people from gaining root access (non-secure dialin line, so SU shouldn't work), and will the precautions prevent them from looking in directories they shouldn't?

Help is truly appreciated. My only alternative is to not let these people dial the NeXT, and it would cause many complications in development.

Dave
eps@toaster.SFSU.EDU (Eric P. Scott) (03/01/91)
In article <1991Feb28.143720.7839@engage.enet.dec.com> tenny@ootool.dec.com (Dave Tenny) writes:
> So my general rule of thumb is to leave the NeXT
>directories and all system files with the protections they have
>when they ship

I wouldn't do that. The first thing I'd do is run /etc/catman
followed by (cd /usr/man;exec chmod -R o-w cat*)
This preformats all the man pages and protects them from being wiped out by aStupidJerk@completely.bogus.address typing `o' at a --More-- prompt and saving the changes. (It also makes the "man" command *much* faster.)

Then something along the lines of

#!/bin/csh -f
set verbose
chmod o-w / /me /private/spool/uucp/STATS
chmod -R go-w \
        /NextApps/Librarian.app/LibrarianHelp/.index \
        /NextDeveloper/Demos \
        /NextDeveloper/Examples/MusicKit/exampunitgenerator \
        /NextLibrary/Documentation/*/.index \
        /NextLibrary/Documentation/NextDev/ReleaseNotes/.index \
        /NextLibrary/Documentation/Unix/ManPages/.index \
        /NextLibrary/Literature/Shakespeare/.index \
        /NextLibrary/References
chmod -R o-w /NextLibrary/Packages
chown 0.0 /NextApps/Librarian.app/LibrarianHelp/.dir.tiff \
        /usr/filesystems/*/*.{name,tiff} \
        /usr/lib/dsp/ugsrc
chmod a+r /usr/filesystems/CDROM.fs/*.{name,tiff}
chgrp kmem /usr/lib/emacs/etc/loadst
chmod g+s /usr/lib/emacs/etc/loadst
chmod go= /usr/template/user/Mailboxes
chmod a+rx /usr/lib/indexing/files/images
(cd /etc/uucp;exec chmod a+r L-devices L-dialcodes L.aliases L.cmds USERFILE)

...and the stuff discussed in Chapter 16 of N&SA:

chmod ug-s /NextApps/{Preferences,PrintManager}
niutil -destroyprop . /printers _writers
niutil -destroyprop . /fax_modems _writers
niutil -createprop . /printers RemoteAsNobody
#niutil -createprop . / trusted_networks ###.###

This is all sort of rough, I'm just starting to figure it out.

                                        -=EPS=-
--
Trivia question: what is group 11?
bennett@mp.cs.niu.edu (Scott Bennett) (03/01/91)
In article <1991Feb28.143720.7839@engage.enet.dec.com> tenny@ootool.dec.com (Dave Tenny) writes:
>
>
>I have a real need to allow people I don't really know to dial
>into my NeXT (running 2.0), as part of a cooperative development effort.
>While I fully intend to learn as much about them as possible, have them
>sign some forms, etc., security is still a big issue.
>
>Unfortunately, I know very little about Unix (especially NeXT specific)
>security holes, though in fact I've done quite a bit of security work
>on non-unix systems. So my general rule of thumb is to leave the NeXT
>directories and all system files with the protections they have
>when they ship, except for things modified in /etc for ttys,
>and UUCP related files.

Well, for starters, pick up a copy of _UNIX_System_Security_ by Wood and Kochan. Also, watch comp.security.announce, comp.unix.questions, and comp.unix.wizards. (N.B. Send most questions to comp.unix.questions; the wizards tend not to be very amused by intrusions from beginners. The comp.unix.wizards group is intended to be used for highly technical and/or esoteric questions/discussions. *Reading* comp.unix.wizards, however, is a recommended educational route.) Also, pick up the cops package and run it frequently.

>
>For the directories I want protected from prying eyes, umasks and
>protections are all appropriate.
>
>All accounts are password protected, and the people dialing up will
>have a special group id which won't be common to any other group.
>
>So my question for NeXT experts is this: will my NeXT be reasonably
>secure for dialin access? Will the above precautions prevent people
>from gaining root access (non-secure dialin line, so SU shouldn't work),

Try it. The "secure" option in /etc/ttys didn't work in 4.3BSD. I don't know whether it's fixed in the NeXT software.

>and will the precautions prevent them from looking in directories
>they shouldn't?
>
>Help is truly appreciated. My only alternative is to not let these
>people dial the NeXT, and it would cause many complications in development.
>
>Dave

Scott Bennett, Comm. ASMELG, CFIAG
Systems Programming
Northern Illinois University
DeKalb, Illinois 60115
**********************************************************************
* Internet: bennett@cs.niu.edu                                       *
* BITNET: A01SJB1@NIU                                                *
*--------------------------------------------------------------------*
* "WAR is the HEALTH of the STATE" --Albert Jay Nock (I think:-)     *
**********************************************************************
bennett@mp.cs.niu.edu (Scott Bennett) (03/01/91)
In article <1376@toaster.SFSU.EDU> eps@cs.SFSU.EDU (Eric P. Scott) writes:
>In article <1991Feb28.143720.7839@engage.enet.dec.com>
>        tenny@ootool.dec.com (Dave Tenny) writes:
>> So my general rule of thumb is to leave the NeXT
>>directories and all system files with the protections they have
>>when they ship
>
>I wouldn't do that. The first thing I'd do is run /etc/catman
>followed by (cd /usr/man;exec chmod -R o-w cat*)
>This preformats all the man pages and protects them from being
>wiped out by aStupidJerk@completely.bogus.address typing `o' at a
>--More-- prompt and saving the changes. (It also makes the "man"
>command *much* faster.)

The security issue here has already been addressed in other threads. It's not a problem. Running catman to pre-nroff all the man pages sounds nice, but takes a long time and *wastes* a lot of disk space. It is definitely a waste because on most systems the vast majority of man pages are *never* examined by any user. Those pages that *are* examined get nroff'ed once when first needed and are available for quick access from then on.

>
>Then something along the lines of
>
>#!/bin/csh -f
>set verbose
>chmod o-w / /me /private/spool/uucp/STATS
>chmod -R go-w \
>        /NextApps/Librarian.app/LibrarianHelp/.index \
>        /NextDeveloper/Demos \
>        /NextDeveloper/Examples/MusicKit/exampunitgenerator \
>        /NextLibrary/Documentation/*/.index \
>        /NextLibrary/Documentation/NextDev/ReleaseNotes/.index \
>        /NextLibrary/Documentation/Unix/ManPages/.index \
>        /NextLibrary/Literature/Shakespeare/.index \
>        /NextLibrary/References
>chmod -R o-w /NextLibrary/Packages
>chown 0.0 /NextApps/Librarian.app/LibrarianHelp/.dir.tiff \
>        /usr/filesystems/*/*.{name,tiff} \
>        /usr/lib/dsp/ugsrc
>chmod a+r /usr/filesystems/CDROM.fs/*.{name,tiff}
>chgrp kmem /usr/lib/emacs/etc/loadst
>chmod g+s /usr/lib/emacs/etc/loadst
>chmod go= /usr/template/user/Mailboxes
>chmod a+rx /usr/lib/indexing/files/images
>(cd /etc/uucp;exec chmod a+r L-devices L-dialcodes L.aliases L.cmds USERFILE)
>
>...and the stuff discussed in Chapter 16 of N&SA:
>
>chmod ug-s /NextApps/{Preferences,PrintManager}

Good grid!! Did NeXT *really* get *all* those permissions wrong???

>niutil -destroyprop . /printers _writers
>niutil -destroyprop . /fax_modems _writers
>niutil -createprop . /printers RemoteAsNobody
>#niutil -createprop . / trusted_networks ###.###
>
>This is all sort of rough, I'm just starting to figure it out.
>
>                                        -=EPS=-
>--
>Trivia question: what is group 11?

Scott Bennett, Comm. ASMELG, CFIAG
Systems Programming
Northern Illinois University
DeKalb, Illinois 60115
**********************************************************************
* Internet: bennett@cs.niu.edu                                       *
* BITNET: A01SJB1@NIU                                                *
*--------------------------------------------------------------------*
* "WAR is the HEALTH of the STATE" --Albert Jay Nock (I think:-)     *
**********************************************************************
eps@toaster.SFSU.EDU (Eric P. Scott) (03/02/91)
In article <1991Mar1.012721.21589@mp.cs.niu.edu> bennett@mp.cs.niu.edu (Scott Bennett) writes:
> Try it. The "secure" option in /etc/ttys didn't work in 4.3BSD.
>I don't know whether it's fixed in the NeXT software.

Sure is.

                                        -=EPS=-
eps@toaster.SFSU.EDU (Eric P. Scott) (03/02/91)
In article <1991Mar1.014356.16867@mp.cs.niu.edu> bennett@mp.cs.niu.edu (Scott Bennett) writes:
> Running catman to pre-nroff all the
>man pages sounds nice, but takes a long time

Not on an '040 machine!!! (I know...)

> and *wastes* a lot of
>disk space.

Less than 3 megabytes. That's noise. Just getting rid of just the Guided Tour demo (if there's anything only worth running once, this is it) saves more than TWICE what ALL the formatted man pages take.

> It is definitely a waste because on most systems the
>vast majority of man pages are *never* examined by any user. Those
>pages that *are* examined get nroff'ed once when first needed and
>are available for quick access from then on.

...and molestation by abusive users.

What you do on your personal machine is your business. I'm in a University environment--that's a bit more hostile. If space is a problem, I can NFS-mount from a machine where it isn't. Also, my time's important to me. catman will complete over a lunch hour even on an '030 machine. If I have to wait for a man page while I'm working, it blows my concentration. I want it NOW. Did I mention reducing disk fragmentation? (Before anyone asks, compressing man pages a la System V would complicate things.)

[long list of permissions changes]
> Good grid!! Did NeXT *really* get *all* those permissions wrong???

Check for yourself. I started on a fresh-out-of-the-box recently-manufactured NextStation with software preinstalled on a 400MB internal drive.

                                        -=EPS=-
rbp@investor.pgh.pa.us (Bob Peirce #305) (03/12/91)
>> It is definitely a waste because on most systems the
>>vast majority of man pages are *never* examined by any user. Those
>>pages that *are* examined get nroff'ed once when first needed and
>>are available for quick access from then on.

You can use cron to rm any that have not been accessed in some period of time on the assumption that the query was a one-shot deal.
--
Bob Peirce, Pittsburgh, PA 412-471-5320
...!uunet!pitt!investor!rbp rbp@investor.pgh.pa.us
regn@informatik.uni-ulm.de (Robert Regn) (04/12/91)
In <1991Mar11.163150.7457@investor.pgh.pa.us> rbp@investor.pgh.pa.us (Bob Peirce #305) writes:

>>> It is definitely a waste because on most systems the
>>>vast majority of man pages are *never* examined by any user. Those
>>>pages that *are* examined get nroff'ed once when first needed and
>>>are available for quick access from then on.

>You can use cron to rm any that have not been accessed in some period of
>time on the assumption that the query was a one-shot deal.

Good idea, because of another problem:
if a user with umask 077 reads a never before read man page,
then the catman - page isn't readable by other users.

And: The possibility of CHANGING the manual pages (catman) is always a security hole!
bennett@mp.cs.niu.edu (Scott Bennett) (04/12/91)
In article <regn.671389727@julia> regn@informatik.uni-ulm.de (Robert Regn) writes:
>In <1991Mar11.163150.7457@investor.pgh.pa.us> rbp@investor.pgh.pa.us (Bob Peirce #305) writes:
>
>>>> It is definitely a waste because on most systems the
>>>>vast majority of man pages are *never* examined by any user. Those
>>>>pages that *are* examined get nroff'ed once when first needed and
>>>>are available for quick access from then on.
>
>>You can use cron to rm any that have not been accessed in some period of
>>time on the assumption that the query was a one-shot deal.
>
>Good idea, because of another problem:
>if a user with umask 077 reads a never before read man page,
>then the catman - page isn't readable by other users.

Have you *tried* this? My umask is 027 and the permissions on the formatted pages produced when I use man(1) come out as 666.

BTW, you're responding to *very* old articles. Please either a) read all of them till you're caught up before posting followups or b) junk everything up until the last few days and start reading there before posting followups.

Scott Bennett, Comm. ASMELG, CFIAG
Systems Programming
Northern Illinois University
DeKalb, Illinois 60115
**********************************************************************
* Internet: bennett@cs.niu.edu                                       *
* BITNET: A01SJB1@NIU                                                *
*--------------------------------------------------------------------*
* "Well, I don't know, but I've been told, in the heat of the sun    *
* a man died of cold..." Oakland, 19 Feb. 1991, first time since     *
* 25 Sept. 1970!!! Yippee!!!! Wondering what's NeXT... :-)           *
**********************************************************************
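
A check for the two cat-page permission states raised in this thread, pages writable by other users (such as the mode 666 reported above) and pages not readable by other users (the umask 077 case), written as an added example that is not part of any post. The function names, the sample tree and its page names are constructed for illustration; on a real system the argument would be the man directory, /usr/man in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Audits formatted man pages under
# ROOT/cat* for two modes: writable by "other" (e.g. 666) and not
# readable by "other" (e.g. a page first formatted under umask 077).

audit_catpages() {
    root=$1
    for dir in "$root"/cat*; do
        [ -d "$dir" ] || continue
        # -perm -002: the other-write bit is set
        find "$dir" -type f -perm -002 -print | sed 's/^/WRITABLE /'
        # ! -perm -004: the other-read bit is clear
        find "$dir" -type f ! -perm -004 -print | sed 's/^/UNREADABLE /'
    done | sort
}

# Repair both conditions; owner and group bits are left alone.
# The o-w part matches the "chmod -R o-w cat*" step quoted in the thread.
fix_catpages() {
    root=$1
    for dir in "$root"/cat*; do
        [ -d "$dir" ] || continue
        find "$dir" -type f -exec chmod o-w,a+r {} +
        chmod o-w "$dir"
    done
}

# Constructed sample tree standing in for /usr/man (hypothetical pages).
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/cat1" "$t/cat8" "$t/man1"
    : > "$t/cat1/ls.1";   chmod 644 "$t/cat1/ls.1"    # fine as is
    : > "$t/cat1/csh.1";  chmod 666 "$t/cat1/csh.1"   # anyone can rewrite it
    : > "$t/cat8/cron.8"; chmod 600 "$t/cat8/cron.8"  # hidden from other users
    : > "$t/man1/ls.1";   chmod 666 "$t/man1/ls.1"    # nroff source: not audited
    echo "$t"
}
```

Run `audit_catpages` from cron or by hand and treat any output line as a finding; `fix_catpages` needs to run as the owner of the pages or as root.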