Re: Linux security
Have you asked the ISP how many /etc/passwds (s)he has broken ... After if, maybe, probably ... you can say anything. Talk, as they say this side of the Atlantic, is CHEAP.

On Tue, 18 Aug 1998 [EMAIL PROTECTED] wrote:

> I was having a discussion with my ISP about Linux. He said he uses Windows NT because it is much more secure than Linux. He stated that since the source code was available that it was very insecure. He mentioned something about attaining root access by downloading /etc/passwd and decrypting the passwords. He bases this on a source called cicia.org. He said it reflected several cases of insecurity regarding Linux. I would like to know from a more qualified source as to how to respond to this. I have been using Debian for a few months now and thoroughly enjoy it. Not only as an operating system, but for the documentation and the learning experience. Thank you for your time and attention.
>
> --
> Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] < /dev/null

--
Jonathan Lawson
Thermal Processes Unit, Department of Applied Energy and Optical Diagnostics,
School of Mechanical Engineering, Cranfield University, Cranfield, Bedford, UK.
email [EMAIL PROTECTED]
'They came forth from unholy darknesses ... and were driven back by the rage of Angels'
Re: Linux security
-----BEGIN PGP SIGNED MESSAGE-----

Clearly, you were speaking with a Junior Level individual. Call back and ask for Second Level Support next time. :-)

- - Kyle

On Tue, 18 Aug 1998 [EMAIL PROTECTED] wrote:

> I was having a discussion with my ISP about Linux. He said he uses Windows NT because it is much more secure than Linux. He stated that since the source code was available that it was very insecure. He mentioned something about attaining root access by downloading /etc/passwd and decrypting the passwords. He bases this on a source called cicia.org. He said it reflected several cases of insecurity regarding Linux. I would like to know from a more qualified source as to how to respond to this. I have been using Debian for a few months now and thoroughly enjoy it. Not only as an operating system, but for the documentation and the learning experience. Thank you for your time and attention.

Kyle Amon                       email: [EMAIL PROTECTED]
Unix Systems Administrator      phone: (203) 486-3290
Security Specialist             pager: 1-800-759- PIN 1616512
IBM Global Services               or [EMAIL PROTECTED]
email: [EMAIL PROTECTED]        url: http://www.gnutec.com/kyle
KeyID 1024/26DD13D9
Key fingerprint = 7D 86 D1 AE 4B E9 91 6A 4B BC B5 B4 12 F0 D3 1A

"GNU does not eliminate all the world's problems, only some of them."
- Richard Stallman, The GNU Manifesto, 1985

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQCVAgUBNdn+RcTIuZsm3RPZAQG6dgP8DSwWUdb9TwoZ/knSpgNkIQKEBDzmfcCO
VNWayTmSQeyhjD0bpAiEyo7/kwh7QYiMi+sL6WmWl48XusxJD0zHQRewZEdM4d9S
8wk07HiDanAe5+ujy8WIwEUPoMxV20A6uvJZmervMPSLTG204u527bs7glDFttik
Su6k5OhNdrM=
=R7uP
-----END PGP SIGNATURE-----
Re: Linux security
> I was having a discussion with my ISP about Linux. He said he uses Windows NT because it is much more secure than Linux. He stated that since the source code was available that it was very insecure. He mentioned something about

That is apparently a VERY wrong statement. Just because the source is out does not make the system insecure. Open source allows programmers from around the world to collaborate and eliminate bugs fast. With open source, one has complete assurance there are no back doors or other nasty things.

> attaining root access by downloading /etc/passwd and decrypting the passwords. He bases this on a source called cicia.org. He said it reflected

People who do not use shadow should be shot! In ancient versions of UNIX, passwords were indeed stored (encrypted) in /etc/passwd. Shadow passwords eliminate that: all of the encrypted passwords are moved to a file that is readable by the administrator (root) only. (If root is compromised, the system is doomed anyway.)

In short -- it's not true. If passwords are stored in /etc/passwd, whoever is responsible for the system is not worth $1/day.

> several cases of insecurity regarding Linux. I would like to know from a more

'Several cases' out of what -- 1000? What about NT? Open source allows for patches to be distributed very quickly, and the problem is fixed before MS publicly admits that the bug is present in their products...

> qualified source as to how to respond to this. I have been using Debian for a few months now and thoroughly enjoy it. Not only as an operating system, but for the documentation and the learning experience.

Good luck in your quest. I'm ready to put Linux against NT any day. (I'm not even talking about day-to-day administration.) If you want to hear more assurances from people who actually run ISPs, e-mail the debian-isp list.

> Thank you for your time and attention.

No problem.

-Nikita
--
Even God cannot change the past. -- Joseph Stalin
Re: Linux security
On Tue, 18 Aug 1998 [EMAIL PROTECTED] wrote:

> I was having a discussion with my ISP about Linux. He said he uses Windows NT because it is much more secure than Linux. He stated that since the source code was available that it was very insecure. He

This is known as 'security through obscurity': NT is more secure because some smart person can't look at the source code and find a bug. Trouble is, there is a 50/50 chance of a smart person looking at Linux's source code and:

1 - Exploiting the bug
2 - Reporting the bug

So it all manages to work out. With NT, the people looking for bugs generally do so with an intent to exploit.

> mentioned something about attaining root access by downloading /etc/passwd and decrypting the passwords. He bases this on a source called cicia.org. He said it reflected several cases of insecurity

This is cute. No, you can't decrypt Unix passwords; they use a hashing technique, so the best you can do is guess. NT uses an IDENTICAL system of password management, save for the fact that they use MD4 hashes. If you download the Windows registry from an NT machine you can subject it to the same attack.

> regarding Linux. I would like to know from a more qualified source as to how to respond to this. I have been using Debian for a few months

There is a site someplace with security holes in NT; it's quite the impressive list and is easily comparable to the Unix list (which includes a lot more software). I don't have the URL, unfortunately.

Jason
Re: Linux security
On Tue, 18 Aug 1998 [EMAIL PROTECTED] wrote:

: I was having a discussion with my ISP about Linux. He said he uses Windows NT because it is much more secure than Linux. He stated that since the source code was available that it was very insecure. He mentioned something about attaining root access by downloading /etc/passwd and decrypting the passwords. He bases this on a source called cicia.org. He said it reflected several cases of insecurity regarding Linux. I would like to know from a more qualified source as to how to respond to this. I have been using Debian for a few months now and thoroughly enjoy it. Not only as an operating system, but for the documentation and the learning experience. Thank you for your time and attention.

Uh ... boy, I sure do like NT administrators. They make me worth more money :)

I am by no means a Linux guru, but here's what I know:

First, the /etc/passwd file can not be decrypted. First reason: on modern unices, the actual crypted passwords are kept in /etc/shadow, not /etc/passwd. Of course, you can disable shadow passwords, but if you do not, you now have file permissions protecting your crypted passwords.

However, let's assume someone grabs a copy of your /etc/passwd file, and you aren't using shadow passwords. All is not lost (yet). See, you can't decrypt the information stored on disk - your plaintext password is encrypted using a one-way hash (the crypt function), and every time you are prompted for your password your INPUT is again encrypted and compared to the already encrypted version stored on disk.

Given today's machines, it is possible to mount a brute force dictionary attack against crypted passwords - I take every word I can think of and crypt it using all 4096 salts. If I can produce a match against one of the password fields in your /etc/passwd file, I have guessed the password! However, you can eliminate the success of a dictionary attack by employing triviality checks against proposed passwords. The Debian password suite does implement some of these checks, though it will allow the root user to assign any user a weak password. The makepasswd command can also be used to produce hard-to-guess passwords.

I've seen quite a few programs that will attack the Windows Registry and retrieve passwords for you. Some security.

As a non-trivial OS, Linux does of course have bugs. So does NT. Since the Linux source code is readily available, it can be perused for bugs at your leisure. Of course, some people will use this information for harm. Others will use it to produce a fix, and more often than not they propagate the fix throughout the community. Soon, most machines are no longer vulnerable to that security hole!

Contrast this to NT, where source code is not available. In time, someone will discover some scheme where NT can be crashed, or its security model compromised (remember OOB data?). However, even if the person discovering the bug is a conscientious person, they cannot fix the bug, even for themselves! No, you must go to Microsoft and either retrieve a patch or hope they write one soon (this is my gripe with commercial unices as well). In the meantime, you are insecure! Not a great option for an ISP especially.

<opinion+rant>
Even if NT and Linux had similar security features and availability of source code were not an issue, I still choose Linux because of cost of ownership issues. Never mind the software license costs: have you priced an NT-based news server lately? Or an NT-based webserver? Or even an Exchange server? NT places gross demands on the hardware, often with no immediate benefit to the user (other than a pretty face). Linux, on the other hand, can extend the life of a 486, and if given enough RAM and disk can outperform many higher horsepower boxes running proprietary OSes.
</opinion+rant>

Having said all that, I use NT on my desktop at work - I need Lotus Notes and I couldn't deal with Win95 crashing 3 times a day. NT crashes about every ten days, so that's not too bad (compared to 95). All of my servers do run Linux, and with the exception of two machines (one with flaky hardware; the other with a hodge-podge of add-on software and kludged scripts) they are rock solid - they never crash.

Hmm - I just noticed you asked for a qualified source - that's not me :) Point him to one of the O'Reilly books on Internet security.

--
Nathan Norman
MidcoNet  410 South Phillips Avenue  Sioux Falls, SD
mailto:[EMAIL PROTECTED]   http://www.midco.net
finger [EMAIL PROTECTED] for PGP Key: (0xA33B86E9)
Re: Linux security
On Tue, Aug 18, 1998 at 11:46:43AM -0500, [EMAIL PROTECTED] wrote:

> I was having a discussion with my ISP about Linux. He said he uses Windows NT because it is much more secure than Linux. He stated that since the source code was available that it was very insecure. He mentioned something about attaining root access by downloading /etc/passwd and decrypting the passwords. He bases this on a source called cicia.org. He said it reflected several cases of insecurity regarding Linux. I would like to know from a more qualified source as to how to respond to this. I have been using Debian for a few months now and thoroughly enjoy it. Not only as an operating system, but for the documentation and the learning experience. Thank you for your time and attention.

I am no security expert but... I have been reading BUGTRAQ and have some understanding of security issues... but here is what I have to say.

First: The only computer system that is truly secure is one with all of the cords pulled out (ESPECIALLY POWER), locked in a thick steel safe and dropped to the bottom of the ocean.

The opinion I have seen expressed from most security experts is that open source tends to make things MORE SECURE. The reason is that people are able to read the source and find the problems... this allows them to be identified and fixed. NT not having open source merely hides its vulnerabilities... and a hidden vulnerability is a ticking time bomb!

Also... personal experience... At work we are a Microsoft shop... we had an NT machine where the admin password was lost. We were able to brute force the admin password in about 2 hours! In fact... the entire keyspace of the NT passwords can be searched in under 3 days on a modest desktop computer. This was with physical access... to prove the point a co-worker then used his system to brute force another person's password... by passively grabbing the password hash then brute forcing it... with NO physical access to the NT machine, he was just on the network.

As for his claims about Unix passwords...

1) Unix passwords are hashed, NOT encrypted. This means that there is no magic that can give you the password if you know the right keys. To get a unix password this way you must take possible passwords and hash them and test the hash against the original hash... this can be a dictionary attack (using a word list for weak word-based passwords) or brute force (trying every possible password from a to ). This WILL take you a lot longer than 3 days ;)

2) With shadow passwords the password hashes are hidden... only root can read them. Here is the difference:

old style:
root:JKzdgcbnwej:0:0:Info Field:/bin/bash
     ^^^ password hash used in cracking

shadow (this is actually from the password file on MY system.. cut and paste):
root:x:0:0:root:/root:/bin/bash
     ^ The hash is stored in /etc/shadow... which is NOT readable by anyone but root.

This is a fairly standard security setup.

To get back to open source... Often on Bugtraq I will see someone with a report saying "There is a <insert hole type> in <insert program name>. The following is the source code for how to exploit it... <insert exploit code> and here is a patch to fix the problem: <insert patch>", and with NT vulnerabilities... "There is an exploit in this... here is how to exploit it" (14 days later) "Microsoft has released a patch..."

See a difference? See the advantage of Open Source? Note: I mean Open Source, not free software... for any program where source is available a patch like this can be made... even if it's not free... this is completely impossible with NT (unless you are into disassembly).

-Steve
--
/* -- Stephen Carpenter [EMAIL PROTECTED] --- [EMAIL PROTECTED] */
E-mail Bumper Stickers:
"A FREE America or a Drug-Free America: You can't have both!"
"honk if you Love Linux"
Re: Linux security
On 08/18/98 at 11:46 AM, [EMAIL PROTECTED] said:

> I was having a discussion with my ISP about Linux. He said he uses Windows NT because it is much more secure than Linux. He stated that since the source code was available that it was very insecure. He mentioned something about attaining root access by downloading /etc/passwd and decrypting the passwords. He bases this on a source called cicia.org. He said it reflected several cases of insecurity regarding Linux. I would like to know from a more qualified source as to how to respond to this. I have been using Debian for a few months now and thoroughly enjoy it. Not only as an operating system, but for the documentation and the learning experience. Thank you for your time and attention.

I know you are talking about NT vs Linux; but does anyone know how well Win95 password protection works? It doesn't: the morons made the default configuration one where all the invader has to do is hit the ESC key to bypass the login. What is the _first_ thing some lacking-in-skill vandal would do upon seeing a login screen? "I can't get in here. Better get rid of the evidence" as he hits the ESC key.

Any company that makes that configuration the default isn't capable of making a secure OS. It is beyond their mental ability. BTW, this is still the default for Win95 OSR2. Even better, there is no obvious way to change the default, and the change takes some involved steps.

George
Re: Linux security
In my experience the only thing that happens when you press escape at the login screen is some machines on the network won't be visible/accessible.

On Tue, 18 Aug 1998, George R wrote:

> On 08/18/98 at 11:46 AM, [EMAIL PROTECTED] said:
>
> > I was having a discussion with my ISP about Linux. He said he uses Windows NT because it is much more secure than Linux. He stated that since the source code was available that it was very insecure. He mentioned something about attaining root access by downloading /etc/passwd and decrypting the passwords. He bases this on a source called cicia.org. He said it reflected several cases of insecurity regarding Linux. I would like to know from a more qualified source as to how to respond to this. I have been using Debian for a few months now and thoroughly enjoy it. Not only as an operating system, but for the documentation and the learning experience. Thank you for your time and attention.
>
> I know you are talking about NT vs Linux; but does anyone know how well Win95 password protection works? It doesn't: the morons made the default configuration one where all the invader has to do is hit the ESC key to bypass the login. What is the _first_ thing some lacking-in-skill vandal would do upon seeing a login screen? "I can't get in here. Better get rid of the evidence" as he hits the ESC key.
>
> Any company that makes that configuration the default isn't capable of making a secure OS. It is beyond their mental ability. BTW, this is still the default for Win95 OSR2. Even better, there is no obvious way to change the default, and the change takes some involved steps.
>
> George
Re: Linux security
On 08/18/98 at 11:13 PM, [EMAIL PROTECTED] said:

> On Tue, 18 Aug 1998, George R wrote:
>
> > I know you are talking about NT vs Linux; but does anyone know how well Win95 password protection works? It doesn't: the morons made the default configuration one where all the invader has to do is hit the ESC key to bypass the login. What is the _first_ thing some lacking-in-skill vandal would do upon seeing a login screen? "I can't get in here. Better get rid of the evidence" as he hits the ESC key.
> >
> > Any company that makes that configuration the default isn't capable of making a secure OS. It is beyond their mental ability. BTW, this is still the default for Win95 OSR2. Even better, there is no obvious way to change the default, and the change takes some involved steps.
> >
> > George
>
> In my experience the only thing that happens when you press escape at the login screen is some machines on the network won't be visible/accessible.

I haven't tried it on a networked Win95 box. That is a real scary result: bypass MS non-security and get limited network access. I _really_ don't want to depend on security in a MS OS now. Why bother with security like this?

George
Re: Linux security
On Tue, Aug 18, 1998 at 09:43:13PM -0500, Nathan E Norman wrote:

> However, let's assume someone grabs a copy of your /etc/passwd file, and you aren't using shadow passwords. All is not lost (yet). See, you can't decrypt the information stored on disk - your plaintext password is encrypted using a one-way hash (the crypt function), and every time you are prompted for your password your INPUT is again encrypted and compared to the already encrypted version stored on disk.

I thought what happened was that the password entered is used to encrypt a string of 0's and the encoded (not encrypted) password is also used to encrypt the same string of 0's, and if they match the password is correct.

--
         Steve C. Lamb          | Opinions expressed by me are not my
 http://www.calweb.com/~morpheus | employer's. They hired me for my
 CC: from news not wanted or appreciated | skills and labor, not my opinions!
---------------------------------+---------------------------------------
Re: Linux security
At 11:22 PM 8/18/1998 +0000, you wrote:

> On 08/18/98 at 11:13 PM, [EMAIL PROTECTED] said:
>
> > On Tue, 18 Aug 1998, George R wrote:
> >
> > > I know you are talking about NT vs Linux; but does anyone know how well Win95 password protection works? It doesn't: the morons made the default configuration one where all the invader has to do is hit the ESC key to bypass the login. What is the _first_ thing some lacking-in-skill vandal would do upon seeing a login screen? "I can't get in here. Better get rid of the evidence" as he hits the ESC key.
> > >
> > > Any company that makes that configuration the default isn't capable of making a secure OS. It is beyond their mental ability. BTW, this is still the default for Win95 OSR2. Even better, there is no obvious way to change the default, and the change takes some involved steps.
> > >
> > > George
> >
> > In my experience the only thing that happens when you press escape at the login screen is some machines on the network won't be visible/accessible.
>
> I haven't tried it on a networked Win95 box. That is a real scary result: bypass MS non-security and get limited network access. I _really_ don't want to depend on security in a MS OS now. Why bother with security like this?
>
> George

Here on our university campus we tried putting a bunch of Win95 boxes in our several labs. It didn't take long to discover that that was not going to work. So the following year we converted to NT WS. I'm not really part of that side of things, so I'm not sure how things are working now, but as soon as I get more literate in Linux, I'll be pushing wherever I can to get away from the MS mentality.

====================================================
Kent West                   | Technology Support/
Abilene Christian University| Voice: 915-674-2557   FAX: 915.674.6724
ACU Station, Box 29005      | E-MAIL: [EMAIL PROTECTED]
Abilene, TX 79699-9005      | Ham: KC5ENO, General
====================================================
Re: Linux security
On Tue, Aug 18, 1998 at 11:22:37PM +0000, George R wrote:

> On 08/18/98 at 11:13 PM, [EMAIL PROTECTED] said:
>
> > On Tue, 18 Aug 1998, George R wrote:
> >
> > > I know you are talking about NT vs Linux; but does anyone know how well Win95 password protection works? It doesn't: the morons made the default configuration one where all the invader has to do is hit the ESC key to bypass the login. What is the _first_ thing some lacking-in-skill vandal would do upon seeing a login screen? "I can't get in here. Better get rid of the evidence" as he hits the ESC key.
> > >
> > > Any company that makes that configuration the default isn't capable of making a secure OS. It is beyond their mental ability. BTW, this is still the default for Win95 OSR2. Even better, there is no obvious way to change the default, and the change takes some involved steps.
> > >
> > > George
> >
> > In my experience the only thing that happens when you press escape at the login screen is some machines on the network won't be visible/accessible.
>
> I haven't tried it on a networked Win95 box. That is a real scary result: bypass MS non-security and get limited network access. I _really_ don't want to depend on security in a MS OS now. Why bother with security like this?

At work we have a setup like this... it requires that you log in to even use the computer. If you hit cancel (or esc) it denies access... but... hit alt-esc and presto, the login screen is still there but the task manager comes up... then you merrily go to file-run and run explorer... bang... start menu... works... fully accessible, and to add insult to injury... the login screen is STILL THERE waiting for you to login while you do your nasty deeds. (Of course even without this... as a demonstration we captured and brute forced someone's password in under a day.)

-Steve
--
/* -- Stephen Carpenter [EMAIL PROTECTED] --- [EMAIL PROTECTED] */
E-mail Bumper Stickers:
"A FREE America or a Drug-Free America: You can't have both!"
"honk if you Love Linux"
Re: Linux security
On Tue, 18 Aug 1998, Steve Lamb wrote:

: On Tue, Aug 18, 1998 at 09:43:13PM -0500, Nathan E Norman wrote:
:
: : However, let's assume someone grabs a copy of your /etc/passwd file, and you aren't using shadow passwords. All is not lost (yet). See, you can't decrypt the information stored on disk - your plaintext password is encrypted using a one-way hash (the crypt function), and every time you are prompted for your password your INPUT is again encrypted and compared to the already encrypted version stored on disk.
:
: I thought what happened was that the password entered is used to encrypt a string of 0's and the encoded (not encrypted) password is also used to encrypt the same string of 0's, and if they match the password is correct.

No. The first two characters of the encrypted password field are the salt; the plaintext password collected from login or wherever is crypted using that salt, and the result compared to the entire field. The Perl Camel book has a function which demonstrates a simple implementation of this system.

--
Nathan Norman
MidcoNet  410 South Phillips Avenue  Sioux Falls, SD
mailto:[EMAIL PROTECTED]   http://www.midco.net
finger [EMAIL PROTECTED] for PGP Key: (0xA33B86E9)
Re: Linux security
On Tue, 18 Aug 1998 23:27:40 -0500 (CDT), Nathan E Norman wrote:

> No. The first two characters of the encrypted password field are the salt; the plaintext password collected from login or wherever is crypted using that salt, and the result compared to the entire field.

Hrm, guess things have changed since the other nutshell book was printed. :/

--
         Steve C. Lamb          | Opinions expressed by me are not my
 http://www.calweb.com/~morpheus | employer's. They hired me for my
 ICQ: 5107343                    | skills and labor, not my opinions!
---------------------------------+---------------------------------------
Passwd Encryption (Re: Linux security)
On Tue, 18 Aug 1998, Steve Lamb wrote:

> On Tue, 18 Aug 1998 23:27:40 -0500 (CDT), Nathan E Norman wrote:
>
> > No. The first two characters of the encrypted password field are the salt; the plaintext password collected from login or wherever is crypted using that salt, and the result compared to the entire field.
>
> Hrm, guess things have changed since the other nutshell book was printed. :/

An extract from the crypt(3) man page:

    crypt is the password encryption function. It is based on the Data
    Encryption Standard algorithm with variations intended (among other
    things) to discourage use of hardware implementations of a key search.

    key is a user's typed password.

    salt is a two-character string chosen from the set [a-zA-Z0-9./]. This
    string is used to perturb the algorithm in one of 4096 different ways.

    By taking the lowest 7 bits of each character of the key, a 56-bit key
    is obtained. This 56-bit key is used to encrypt repeatedly a constant
    string (usually a string consisting of all zeros). The returned value
    points to the encrypted password, a series of 13 printable ASCII
    characters (the first two characters represent the salt itself). The
    return value points to static data whose content is overwritten by each
    call.

Chris
---
Debian GNU/Linux   Ooohh You are missing out!
---
Reply with subject 'key' for PGP public key. KeyID A9E087D5
Re: Passwd Encryption (Re: Linux security)
On Wed, 19 Aug 1998, Chris wrote:

: On Tue, 18 Aug 1998, Steve Lamb wrote:
:
: : On Tue, 18 Aug 1998 23:27:40 -0500 (CDT), Nathan E Norman wrote:
: :
: : : No. The first two characters of the encrypted password field are the salt; the plaintext password collected from login or wherever is crypted using that salt, and the result compared to the entire field.
: :
: : Hrm, guess things have changed since the other nutshell book was printed. :/
:
: An extract from the crypt(3) man page:
:
:     crypt is the password encryption function. It is based on the Data
:     Encryption Standard algorithm with variations intended (among other
:     things) to discourage use of hardware implementations of a key search.
:
:     key is a user's typed password.
:
:     salt is a two-character string chosen from the set [a-zA-Z0-9./]. This
:     string is used to perturb the algorithm in one of 4096 different ways.
:
:     By taking the lowest 7 bits of each character of the key, a 56-bit key
:     is obtained. This 56-bit key is used to encrypt repeatedly a constant
:     string (usually a string consisting of all zeros). The returned value
:     points to the encrypted password, a series of 13 printable ASCII
:     characters (the first two characters represent the salt itself). The
:     return value points to static data whose content is overwritten by each
:     call.

Ah! Ok, I see what I was missing.

--
Nathan Norman
MidcoNet  410 South Phillips Avenue  Sioux Falls, SD
mailto:[EMAIL PROTECTED]   http://www.midco.net
finger [EMAIL PROTECTED] for PGP Key: (0xA33B86E9)
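The mechanism discussed in this sub-thread (Nathan's description of a dictionary attack over all 4096 salts, Steve Carpenter's old-style versus shadowed passwd lines, and the crypt(3) extract above) is small enough to show in working code. What follows is an added example, not code from the thread or from any Debian package. Because crypt(3)'s DES core is not portable across Python versions, it is replaced with a SHA-256 stand-in called toy_crypt that keeps only the interface the man page describes: a two-character salt from [a-zA-Z0-9./], a 13-character result whose first two characters are the salt, and a one-way computation. The sample passwd lines and the word list are constructed for the example.

```python
"""Added example (not from the thread): how a crypt(3)-style password field is
checked, how a targeted dictionary attack works, and what the salt does and
does not protect against. toy_crypt is a stand-in for crypt(3): same salt
format, same output shape, same one-way property, but SHA-256 instead of DES."""
import hashlib
import itertools

# The 64-character alphabet crypt(3) uses for both the salt and the hash text.
CRYPT_ALPHABET = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
# 64 * 64 = 4096 possible salts, the "4096 different ways" of the man page.
ALL_SALTS = ["".join(p) for p in itertools.product(CRYPT_ALPHABET, repeat=2)]


def toy_crypt(key: str, salt: str) -> str:
    """Stand-in for crypt(3): returns salt + 11 hash characters (13 in total).
    One-way: the password cannot be recovered from the result, only re-derived
    from a guess and compared."""
    if len(salt) != 2 or any(c not in CRYPT_ALPHABET for c in salt):
        raise ValueError("salt must be two characters from the crypt alphabet")
    digest = hashlib.sha256((salt + key).encode()).digest()
    # Map 11 digest bytes into the crypt alphabet, 6 bits per character.
    body = "".join(CRYPT_ALPHABET[b & 0x3F] for b in digest[:11])
    return salt + body


def password_field(passwd_line: str):
    """Return the second field of a passwd-style line, or None when there is
    nothing to attack: 'x' (hash lives in /etc/shadow) or a locked marker."""
    fields = passwd_line.rstrip("\n").split(":")
    if len(fields) < 2:
        raise ValueError("not a passwd-style line")
    pw = fields[1]
    return pw if pw and pw not in ("x", "*", "!") else None


def verify(stored: str, candidate: str) -> bool:
    """login(1)-style check: the first two characters of the stored field are
    the salt; crypt the candidate with that salt and compare the whole field."""
    salt = stored[:2]
    return toy_crypt(candidate, salt) == stored


def dictionary_attack(stored: str, wordlist):
    """Targeted attack on one field. Only that field's own salt needs trying,
    so the 4096 salts do not slow a per-account attack down at all."""
    for word in wordlist:
        if verify(stored, word):
            return word
    return None


def precomputed_table_size(wordlist) -> int:
    """What the salt *does* buy: a table that cracks any field by lookup needs
    one entry per (word, salt) pair, i.e. 4096 times the word list."""
    return len(list(wordlist)) * len(ALL_SALTS)


if __name__ == "__main__":
    # Constructed sample lines (not from any real system).
    old_style = "alice:" + toy_crypt("letmein", "Xy") + ":1001:1001:Alice:/home/alice:/bin/bash"
    shadowed = "alice:x:1001:1001:Alice:/home/alice:/bin/bash"
    words = ["password", "secret", "letmein", "qwerty"]
    field = password_field(old_style)
    print("old-style field:", field, "-> cracked:", dictionary_attack(field, words))
    print("shadowed field:", password_field(shadowed), "-> nothing to attack")
    print("precomputed table for", len(words), "words:", precomputed_table_size(words), "entries")
```

The two attack functions make the point of the sub-thread concrete: once a hash is readable, the salt only defeats precomputed tables; it does nothing against guessing one account's password directly, which is why the shadowed line (field "x") is the real defence and why weak-password checks still matter.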
Re: Linux security
Stephen wrote,

> At work we have a setup like this... it requires that you log in to even use the computer. If you hit cancel (or esc) it denies access... but... hit alt-esc and presto, the login screen is still there but the task manager comes up... then you merrily go to file-run and run explorer... bang... start menu... works... fully accessible, and to add insult to injury... the login screen is STILL THERE waiting for you to login while you do your nasty deeds

Years ago, I took over development of an application by a startup company. Upon launching, it asked the user for his security level . . . and believed him.

--
These opinions will not be those of ISU until it pays my retainer.
Re: Linux security
On Tue, Aug 18, 1998 at 11:46:43AM -0500, [EMAIL PROTECTED] wrote:

> I was having a discussion with my ISP about Linux. He said he uses Windows NT because it is much more secure than Linux. He stated that since the source code was available that it was very insecure.

I have trouble with this statement. It seems to me, with the source code open and available, *anyone* can take a gander at Linux's source. Naturally, hundreds of people can see where there are potential security holes in the code. All Windows systems are limited only to the Microsoft programmers. In my mind, it just seems that the more folks there are looking at code, the better the chances of discovering bugs, security concerns, etc.

> He mentioned something about attaining root access by downloading /etc/passwd and decrypting the passwords. He bases this on a

The only sensible way to run a multi-user Linux system (e.g., an ISP) is with shadow passwords. *Only* root can read the shadow password file (/etc/shadow). By the time the root account is compromised, /etc/shadow really doesn't mean much.

I wouldn't put too much confidence in the person with whom you spoke at your ISP.

Good luck!
Re: Linux security
On Wed, 19 Aug 1998 13:21:37 -0500, the lone gunman wrote:

> only to the Microsoft programmers. In my mind, it just seems that the more folks there are looking at code, the better the chances of discovering bugs, security concerns, etc.

It is the glass half empty versus the glass half full problem. He sees the glass half empty. Open source means more people looking for security holes to *exploit*. You see the glass half full. Open source means more people looking for security holes to *plug*. You're both correct. Open Source means more people looking for security holes to exploit/plug. ;)

--
         Steve C. Lamb          | Opinions expressed by me are not my
 http://www.calweb.com/~morpheus | employer's. They hired me for my
 ICQ: 5107343                    | skills and labor, not my opinions!
---------------------------------+---------------------------------------
Re: Linux security
On Wed, Aug 19, 1998 at 11:42:25AM -0700, Steve Lamb wrote:

> On Wed, 19 Aug 1998 13:21:37 -0500, the lone gunman wrote:
>
> > only to the Microsoft programmers. In my mind, it just seems that the more folks there are looking at code, the better the chances of discovering bugs, security concerns, etc.
>
> It is the glass half empty versus the glass half full problem. He sees the glass half empty. Open source means more people looking for security holes to *exploit*. You see the glass half full. Open source means more people looking for security holes to *plug*.

I think the linux community can boast that it fixes exploits pretty quickly. Although exploits may be easier to discover with open source, they are arguably easier to fix. Perhaps it's harder to find the exploits in closed source (i.e. Windows), but once the exploit is discovered, Microsoft must be relied on to fix the problem (for the most part).

<shrug>
Re: Linux security
On Wed, 19 Aug 1998, Steve Lamb wrote:
> On Wed, 19 Aug 1998 13:21:37 -0500, the lone gunman wrote:
> > only to the Microsoft programmers. In my mind, it just seems that the more folks there are looking at code, the better the chances of discovering bugs, security concerns, etc.
>
> It is the glass half empty versus the glass half full problem. He sees the glass half empty. Open source means more people looking for security holes to *exploit*. You see the glass half full. Open source means more people looking for security holes to *plug*.
>
> You're both correct. Open Source means more people looking for security holes to exploit/plug. ;)

IMHO the point is another: who do you trust more, Microsoft (a for-profit dictatorship, which hides security problems from users but not from crackers) or Debian (a non-profit organization, which shows security problems and fixes them, making life hard for crackers)?

Ciao
Michele
Re: [linux-security] Re: Chrooting bind 8.1.2 under debian 2.0
On Tue, 14 Jul 1998, Carlos Barros wrote:
> On Tue, 14 Jul 1998, cfb wrote:
> > The main problem seems to be with the way that debian starts bind using the script /etc/init.d/bind. I thought it would be really neat to just change the #!/bin/sh at the top of the script to something like:
> > #!/usr/sbin/chroot /chroot-dns/ /bin/sh
> > or
> > #!/usr/sbin/chroot /chroot-dns/ /chroot-dns/bin/sh
>
> try changing only the line that starts the bind daemon, e.g.:
> chroot /chroot-dns/ /bin/named

What does this chroot give you? Actually this is protection against a simple exec(/bin/sh), but every cracker may put chroot(/) before this and all the protection is destroyed.

My idea is to run named under a non-root UID/GID. As named needs to bind port 53, which is below 1024, there are problems executing it. One solution is to rewrite the named code (like httpd); another is to make a hole in the kernel. Both are nonstandard solutions. It is also possible to use some portwrapper/redir. Does anyone use any of these?

---
Cougar

-- 
Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] /dev/null
Re: [linux-security] Re: Chrooting bind 8.1.2 under debian 2.0
Carlos Barros wrote:
> On Tue, 14 Jul 1998, cfb wrote:
> > The main problem seems to be with the way that debian starts bind using the script /etc/init.d/bind. I thought it would be really neat to just change the #!/bin/sh at the top of the script to something like:
> > #!/usr/sbin/chroot /chroot-dns/ /bin/sh
> > or
> > #!/usr/sbin/chroot /chroot-dns/ /chroot-dns/bin/sh
>
> try changing only the line that starts the bind daemon, e.g.:
> chroot /chroot-dns/ /bin/named

Splendid idea - but it still runs as root.. I guess that bind does not need anything except its external programs (named-xfer etc.) and the config files?

-- 
Leigh
Re: [linux-security] Re: Chrooting bind 8.1.2 under debian 2.0
Cougar wrote:
> On Tue, 14 Jul 1998, Carlos Barros wrote:
> > On Tue, 14 Jul 1998, cfb wrote:
> > > The main problem seems to be with the way that debian starts bind using the script /etc/init.d/bind. I thought it would be really neat to just change the #!/bin/sh at the top of the script to something like:
> > > #!/usr/sbin/chroot /chroot-dns/ /bin/sh
> > > or
> > > #!/usr/sbin/chroot /chroot-dns/ /chroot-dns/bin/sh
> >
> > try changing only the line that starts the bind daemon, e.g.:
> > chroot /chroot-dns/ /bin/named
>
> What does this chroot give you? Actually this is protection against a simple exec(/bin/sh), but every cracker may put chroot(/) before this and all the protection is destroyed.
>
> [mod: It is slightly less trivial than 'chroot(/)', but if you can execute arbitrary code as root, you can break out of the chrooted environment. --REW]
>
> My idea is to run named under a non-root UID/GID. As named needs to bind port 53, which is below 1024, there are problems executing it. One solution is to rewrite the named code (like httpd); another is to make a hole in the kernel. Both are nonstandard solutions. It is also possible to use some portwrapper/redir. Does anyone use any of these?
>
> [mod: Patches are floating around. -- REW]

Why are linux users always trying to patch software without rechecking with the author first? See the -u (uid) and -g (gid) flags of named 8.1.2 (as described in the README and INSTALL files). Also note the -t flag to specify the chroot-dir...

Bye,
Wolfgang.

-- 
Wolfgang Ley, DFN-CERT, Vogt-Koelln-Str. 30, 22527 Hamburg, Germany
Email: [EMAIL PROTECTED]  Phone: +49 40 5494-2262  Fax: +49 40 5494-2241
PGP-Key available via finger [EMAIL PROTECTED], any key-server or via WWW from http://www.cert.dfn.de/~ley/
...have a nice day
Re: [linux-security] Re: Chrooting bind 8.1.2 under debian 2.0
On Fri, Jul 17, 1998 at 11:30:32AM +0300, Cougar wrote:
> What does this chroot give you? Actually this is protection against a simple exec(/bin/sh), but every cracker may put chroot(/) before this and all the protection is destroyed.
>
> [mod: It is slightly less trivial than 'chroot(/)', but if you can execute arbitrary code as root, you can break out of the chrooted environment. --REW]

Yes, but at least the latest version of bind has the option to drop root privs after opening the socket.

> My idea is to run named under a non-root UID/GID. As named needs to bind port 53, which is below 1024, there are problems executing it. One solution is to rewrite the named code (like httpd); another is to make a hole in the kernel. Both are nonstandard solutions. It is also possible to use some portwrapper/redir. Does anyone use any of these?

You can use the kernel firewall for this, but in this case, as in most cases, there is no need.

-- 
Filipe Marques de Almeida
Re: [linux-security] Re: Chrooting bind 8.1.2 under debian 2.0
On Fri, 17 Jul 1998, Cougar wrote:
> [mod: It is slightly less trivial than 'chroot(/)', but if you can execute arbitrary code as root, you can break out of the chrooted environment. --REW]
>
> My idea is to run named under a non-root UID/GID. As named needs to bind port 53, which is below 1024, there are problems executing it. One solution is to rewrite the named code (like httpd); another is to make a hole in the kernel. Both are nonstandard solutions. It is also possible to use
>
> [mod: Patches are floating around. -- REW]

Patches? Bind 8.1.2 has command-line options for running as non-root UID/GID and chrooted. It binds to port 53 before dropping root. This is only a problem if you have interfaces appearing/disappearing randomly that you need named to bind to. Most real name servers probably don't have that problem.

-- 
Jon Lewis [EMAIL PROTECTED] | Spammers will be winnuked or
Network Administrator | drawn and quartered...whichever
Florida Digital Turnpike | is more convenient.
__ http://inorganic5.fdt.net/~jlewis/pgp for PGP public key
Re: [linux-security] Re: Chrooting bind 8.1.2 under debian 2.0
> On Tue, 14 Jul 1998, Carlos Barros wrote:
> > On Tue, 14 Jul 1998, cfb wrote:
> > > The main problem seems to be with the way that debian starts bind using the script /etc/init.d/bind. I thought it would be really neat to just change the #!/bin/sh at the top of the script to something like:
> > > #!/usr/sbin/chroot /chroot-dns/ /bin/sh
> > > or
> > > #!/usr/sbin/chroot /chroot-dns/ /chroot-dns/bin/sh
> >
> > try changing only the line that starts the bind daemon, e.g.:
> > chroot /chroot-dns/ /bin/named
>
> What does this chroot give you? Actually this is protection against a simple exec(/bin/sh), but every cracker may put chroot(/) before this and all the protection is destroyed.

use the -u and -g to set the UID/GID. http://redhat-security.seifried.org/ tells all =)

> [mod: It is slightly less trivial than 'chroot(/)', but if you can execute arbitrary code as root, you can break out of the chrooted environment. --REW]
>
> My idea is to run named under a non-root UID/GID. As named needs to bind port 53, which is below 1024, there are problems executing it. One solution is to rewrite the named code (like httpd); another is to make a hole in the kernel. Both are nonstandard solutions. It is also possible to use some portwrapper/redir. Does anyone use any of these?
>
> [mod: Patches are floating around. -- REW]
>
> ---
> Cougar

-seifried
Re: [linux-security] Re: Chrooting bind 8.1.2 under debian 2.0
On Fri, 17 Jul 1998, Cougar wrote:
> > try changing only the line that starts the bind daemon, e.g.:
> > chroot /chroot-dns/ /bin/named
>
> What does this chroot give you? Actually this is protection against a simple exec(/bin/sh), but every cracker may put chroot(/) before this and all the protection is destroyed.

Maybe, but if you make a tree with only bind, no ftp access, and the required libraries/config files, no cracker could exec any sh or chroot, etc., etc.

> My idea is to run named under a non-root UID/GID. As named needs to bind port 53, which is below 1024, there are problems executing it. One solution is to rewrite the named code (like httpd); another is to make a hole in the kernel. Both are nonstandard solutions. It is also possible to use some portwrapper/redir. Does anyone use any of these?

AFAIK apache starts as uid 0 gid 0, binds to port 80, then changes uid/gid... it would be good for bind to do it...

Bye
Carlos Barros.
Re: [linux-security] Re: Chrooting bind 8.1.2 under debian 2.0
On Fri, 17 Jul 1998, Carlos Barros wrote:
> On Fri, 17 Jul 1998, Cougar wrote:
> > > try changing only the line that starts the bind daemon, e.g.:
> > > chroot /chroot-dns/ /bin/named
> >
> > What does this chroot give you? Actually this is protection against a simple exec(/bin/sh), but every cracker may put chroot(/) before this and all the protection is destroyed.
>
> Maybe, but if you make a tree with only bind, no ftp access, and the required libraries/config files, no cracker could exec any sh or chroot, etc., etc.

I didn't mean the shell's chroot command but the chroot(2) system call. You can't block it if the code runs under root id.

> > My idea is to run named under a non-root UID/GID. As named needs to bind port 53, which is below 1024, there are problems executing it. One solution is to rewrite the named code (like httpd); another is to make a hole in the kernel. Both are nonstandard solutions. It is also possible to use some portwrapper/redir. Does anyone use any of these?
>
> AFAIK apache starts as uid 0 gid 0, binds to port 80, then changes uid/gid... it would be good for bind to do it...

It appears that bind8 can do this.

---
Cougar
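The sequence the thread settles on (open port 53 while still root, then chroot, then drop to a non-root UID/GID, the order Carlos describes for apache and Jon Lewis describes for bind 8.1.2's -u/-g/-t), written out as an added example; this is not code from bind or from any poster. The function names, the jail path /chroot-dns and the uid/gid 65534 in main are assumptions. The `setuid(0)` probe at the end is the check Cougar's objection calls for: once it fails, a second chroot(2) from injected code is no longer possible.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <netinet/in.h>
#include <sys/socket.h>

/* Step 1, while still root: bind the listening socket. Only the bind to a
 * port below 1024 (53 for DNS) needs root. Returns the socket or -1. */
int open_listener(int port)
{
    struct sockaddr_in sa;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons((unsigned short)port);
    sa.sin_addr.s_addr = htonl(INADDR_ANY);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Step 2: confine. chroot() first (it needs root), then drop supplementary
 * groups, the gid and last the uid; setgid() after setuid() would already
 * be refused. A NULL jail skips the chroot. Returns 0 only when root can
 * no longer be regained, which is what makes the chroot hold. */
int confine(const char *jail, uid_t uid, gid_t gid)
{
    if (uid == 0) return -1;                  /* still root: nothing gained */
    if (jail && (chroot(jail) != 0 || chdir("/") != 0)) return -1;
    if (getuid() == 0 && setgroups(0, NULL) != 0) return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    return setuid(0) == 0 ? -1 : 0;     /* real, effective, saved: all uid */
}

/* Realistic use (needs root): port 53, jail, then uid/gid 65534 (assumed
 * to be "nobody"). Same order the thread describes for named -u/-g/-t. */
int main(void)
{
    int fd = open_listener(53);
    if (fd < 0 || confine("/chroot-dns", 65534, 65534) != 0) {
        perror("setup failed");
        return 1;
    }
    printf("port 53 open, now uid %d gid %d\n", (int)getuid(), (int)getgid());
    return 0;
}
```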
Re: [linux-security] i386-elf-xquake-1.01.tgz (fwd)
Stefan Petters:
> just found this on linux-security. Seems to be contained in your tar-files for Debian as well. I don't want such things on my machines. I think, this Package can't be on a serious Debian-Distribution. I know, you can't keep an eye on everything, but if such things are found, they have to be removed.

Well, I know of the script. I included it in the quake package because I didn't see it doing any serious harm, or exposing any security-related info, and because the quake authors requested that people run it. However, quake's postinst script prompts whether this should be run or not, as follows:

    A request from Crack dot Com:

    The runme program is a shell script which will send a letter to Crack dot Com with statistics about your computer so that we may learn more about the Linux market. Please run it only once. Do not run it again even if you get a new version of the game. We need this data to make our next game run well on your machine.

    It sends information from your /proc directory telling us about your devices, your CPU, your memory, etc. The program will send the contents of the following files to Crack dot com:

        /proc/cpuinfo /proc/devices /proc/meminfo /proc/version /proc/filesystems /proc/interrupts /proc/ioports /proc/modules /proc/pci

    Do you want to run the runme program? [Y/n]

If you don't want to send this information, you obviously answer n here. Do you still believe this is a problem?

-- 
#!/usr/bin/perl -i$=0;$=0;exec/bin/sh'achmod [EMAIL PROTECTED] $_=echo '#!/usr/bin/suidperl -U\n$^I 2755aa;s=a= $ENV{HOME}/Imroot;=g;exec$_
# Get root in 30 seconds or less. Fix this hole: upgrade to perl 5.003 today..