Re: Small Bug

To: Gregory Ade <gkade@bigbrother.net>
Cc: debian-hurd@lists.debian.org
Subject: Re: Small Bug
From: Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de>
Date: Thu, 16 Mar 2000 01:01:19 +0100
Message-id: <[🔎] 20000316010119.A27203@ulysses.dhis.net>
In-reply-to: <[🔎] Pine.LNX.4.10.10003151426240.12529-100000@kanga.azure-n-jade.vpn.tadma.net>; from gkade@bigbrother.net on Wed, Mar 15, 2000 at 02:45:38PM -0800
References: <[🔎] 20000315215247.C1828@ulysses.dhis.net> <[🔎] Pine.LNX.4.10.10003151426240.12529-100000@kanga.azure-n-jade.vpn.tadma.net>

On Wed, Mar 15, 2000 at 02:45:38PM -0800, Gregory Ade wrote:
> Perhaps, then, I should move from my naive statements about user accounts
> into software installed on the machine.  Is is possible, then, that a
> stranger, looking around with 'cat' and 'ls' and 'cd', could find out
> enough about a system and it's installed software packages to form an
> attack?

You don't need an account for that. You can scan the open ports for
vulnerable software.

Some people did this, and found that many systems have at least some
vulnerable software running on some open port.

If the software doesn't leave a fingerprint (some program name plus version
number), you can examine its behaviour by sending some irregular data to it.
I am n security expert, though, and I can imagine that there are several
other ways to gather such info I don't know.

> Granted, now we're getting into the realm of "don't run services with
> known exploits in them"...

Yes. Exactly.

> What stops someone playing around a the login prompt from sending a mail
> message, or spooling every file on the filesystem that he can read to the
> printer, or filling up /tmp, or running a find large enough to crash the
> filesystem (did that with a typo myself the other day).

The not logged in user can only do what the file permissions allow him.
Currently, those are mapped by default to the "o" set of permissions.

This is probably not desirable, I can understand if someone thinks the
default permission should be ---, at least for some parts.

The Hurd developers have not decided about the system default yet.

However, it is easy to change the permission of the not logged in user so
that he can't do anything at all. It's just not convenient yet :)

> I guess what I'm asking is, what *can* someone malicious do from the login
> prompt, assuming a "properly" set up system? (i.e., normal users have no
> write access except in /home/<user>, /tmp, and whatever other
> directories/filesystems might be set up for the users' use, and typical
> read permissions that one would find on various sections of the Hurd's
> filesystem).

A lot. He can crash the system quite easily on the login shell. He can do
all sort of DOS (denial of service) attacks. He can probably do some very
bad things because there are bugs in the Hurd. However, he can certainly not
do anything more than any normal user could. He can also not mess around
with someones home dir anymore than other users could.

If we now talk about the existing security of a Hurd box, you should not
touch it with a ten feet pole if you are paranoid :)

(BTW, it is possible to turn the login shell into a login prompt. Then all
this does not apply of course).

Thanks,
Marcus

-- 
`Rhubarb is no Egyptian god.' Debian http://www.debian.org Check Key server 
Marcus Brinkmann              GNU    http://www.gnu.org    for public PGP Key 
Marcus.Brinkmann@ruhr-uni-bochum.de,     marcus@gnu.org    PGP Key ID 36E7CD09
http://homepage.ruhr-uni-bochum.de/Marcus.Brinkmann/       brinkmd@debian.org

Reply to:

Follow-Ups:
- Login shell (was: Small Bug)
  - From: Norbert Nemec <nobbi@cheerful.com>

References:
- Re: Small Bug
  - From: Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de>
- Re: Small Bug
  - From: Gregory Ade <gkade@bigbrother.net>

Prev by Date: Re: Package questions
Next by Date: Re: "Small" Bug
Previous by thread: Re: Small Bug
Next by thread: Login shell (was: Small Bug)
Index(es):
- Date
- Thread