>From a usability perspective, I like it. But with anything run as root, I think that the default configuration should be secure.
The accounts nobody and anonymous aren't standards, they're just conventions. So depending upon them to represent what they seem to say they are isn't, IMHO, the wisest choice. I'll agree that in the real world it's only a risk if you're already hacked. But this change has the POTENTIAL to reduce the security of the default configuration by some tiny amount. Which exposes us to certain prejudices -- which is why certain OSes are STILL distributing ports of ntop 1.1. Think I'm joking? See http://www.openbsd.org/3.2_packages/i386/ntop-1.1.tgz-long.html. All of that said, I can't think how to tighten it down other than removing it - even if you read and parse /etc/shells and /etc/passwd and stuff, you still can't be sure that it's an account that can't login and/or one that doesn't have rights somewhere it shouldn't. For example, just because a shell has the word nologin in it's name, doesn't mean that the user can't still login with it (rm -f /sbin/nologin; ln -s /usr/bin/bash /sbin/nologin)! So, since I can't fix it and you want it left in, that's that... As to HP, well, if the setuid(-1) fails, then you're back with the old code - you have to give a -u name parameter, so that causes me no angst. I'm not sure which -P hack you mean... but I guess it's irrelevant anyway. -----Burton -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Luca Deri Sent: Tuesday, April 01, 2003 12:32 AM To: [EMAIL PROTECTED] Subject: Re: [Ntop-dev] -u change (was New ntop commit (author deri)) Burton, the idea is to type "ntop" <enter> and run the application. I think that the -P hack is fine. If you want to change it (e.g. #ifdef HP user = ???) do that but I suggest not to remove it. My idea was not to make ntop insecure, just to ease its use. Cheers, Luca Burton M. Strauss III wrote: >We need to update ntop.8 and the generated .txt and .html files... > >In some implementations (HP-UX), nobody is assigned a negative uid and you >can't setuid() to it. I think it will fail and the code will catch it. >Then again y'all know my issues w/ HP-UX... > >Also, shouldn't we really check and make sure that the logon shell doesn't >permit login... otherwise, ghu forbid somebody hacks the nobody or anonymous >account??? I guess I'm uncomfortable that this opens up another reason for >certain 'secure' OSes to dis ntop... > >-----Burton > > > > >-----Original Message----- >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf >Of [EMAIL PROTECTED] >Sent: Monday, March 31, 2003 9:11 AM >To: [EMAIL PROTECTED] >Subject: [Ntop-dev] New ntop commit (author deri) > > >Update of /export/home/ntop/ntop >In directory jabber:/tmp/cvs-serv10070 > >Modified Files: > globals-core.h globals-structtypes.h main.c util.c >Log Message: >Moved black/white list functions from the netflow plugin to util.c (this >should >ease their integration with other plugins such as sFlow). > >Changed -u behaviour. If the -u flag is *not* specified, ntop looks for >users >"nobody" and (if not found) for "anonymous". This way, ntop will start as >user with no privileges without having to specify -u. If -u is specified, >ntop >will change user as usual. > > > >_______________________________________________ >Ntop-dev mailing list >[EMAIL PROTECTED] >http://listgateway.unipi.it/mailman/listinfo/ntop-dev > >_______________________________________________ >Ntop-dev mailing list >[EMAIL PROTECTED] >http://listgateway.unipi.it/mailman/listinfo/ntop-dev > > -- Luca Deri <[EMAIL PROTECTED]> http://luca.ntop.org/ Hacker: someone who loves to program and enjoys being clever about it - Richard Stallman _______________________________________________ Ntop-dev mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop-dev _______________________________________________ Ntop-dev mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop-dev
