On Wed, Jul 09, 2003 at 11:31:29AM -0700, Gordon Messmer wrote:
Ed Wilts wrote:
You're right - there is a security hole there. For example, I don't think it's a good idea that the password file is world readable since it gives information out that you may not want to share.
If you're using shadow password files (and you don't have any excuse not to): no, it doesn't.
Yes it does, even with shadow passwords. If you give a local user the
list of all the userids on the system, he's got a head start on ids he
can crack. Give him the last login time, and he's even better off - now
he knows that if crack Joe Blow's account, and Joe only signs on once a
month (as last while show), his nefarious activity might be hidden for a
while longer. The more information you make public, the less secure you
should feel.
You could find all that out with 'ls -lu /home'. Even if you couldn't read the user database directly, you can find the information some other way. If you couldn't, you'd destroy one of the primary functions of multi-user computer systems: Helping users communicate with each other and work together.
Obscurity is not security. Drawing your shutters closed does not make you safe.
For the record, if I'm being authenticated by an ldap entry, ls -l still
works, even though I'm not even in /etc/passwd.
Big deal, your information is still in a user-accessible location. The only difference between 'grep ewilts /etc/passwd' and 'ldapsearch -x uid=ewilts' is one of process. The information is available to everyone, regardless of where it's stored.
...
Users *should* be able to read /etc/passwd.
I disagree with the last comment. I know why it works that way and understand that, but that doesn't mean it's the best way. That's just the way it is, for better or for worse. You could, for example, solve some of the issues with proper use of access control lists and various privilege models (a la VMS). On VMS, for example, the system username file is not world readable. You know what, dir/full works.
Perhaps you could expand on that by telling us *how* it works. (Don't know...never used VMS). What, exactly, allows "dir" to read the user database, but prevents other applications from doing so?
-- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
