[108336] in Cypherpunks
Re: Eskimo North: The Anti-Privacy "ISP"
daemon@ATHENA.MIT.EDU (Mike Duvos)
Fri Feb 12 15:51:28 1999
Date: Fri, 12 Feb 1999 12:32:19 -0800
To: cypherpunks@cyberpass.net
From: r00t@eskimo.com (Mike Duvos)
Reply-To: r00t@eskimo.com (Mike Duvos)
Anonymous <nobody@replay.com> writes:
> Sounds like the first thing you did was to start probing their
> system for security holes.
Well - I wouldn't call looking at publicly available filesystem
information probing. "ls" is not a hacking tool. I don't
currently know of any SunOS 4.1.4 exploits which don't involve
compiling programs and running them.
Unix has improved a bit since the days when you could do
no-brainer things with IFS and symbolic links, trick system
programs into loading bogus libraries, and make sendmail hurl.
I've never seen a provider that went into a state of panic before
simply because someone was looking around, and running regular
programs that were up on the system. These guys panic if you
grep a "ps" to see what services they are running, or if you
visit a Unix security site on the Web. Most providers do not
disable "chsh" because someone chooses to use Bash.
Can you imagine Netcom behaving like this? LOL!
> Of course you didn't do this with the idea of exploiting any
> vulnerabilities you found, but just to see how well maintained
> the system was.
Well, after 25 years of experience on almost every conceivable
instruction set architecture and operating system, I do have a
habit of looking about when I get on a box. I don't do so with
the intention of hacking additional privileges, and if I see
something really risky, I generally just send the sysadmin a nice
note suggesting a fix.
> It's still an unfriendly act. If you find someone coming up to
> your house and trying all the doors to see if they're locked,
> probing the windows to see if they can be forced open, etc., then
> you're not going to be happy, even if he says he's just checking
> to see how well you secure your residence.
If I lease a house, I can certainly look at whether the windows
lock. If I lease an address space, I can certainly say things to
the shell running in it. Clearly, if those things perturb normal
system operation, or create additional privileges, that is a
legitimate concern. But nothing I did fell into that category.
"Here's a shell account, but you're not allowed to look at
anything" sounds vaguely like a rehash of "security by
obscurity." Unix is a very secure OS when properly configured,
and doesn't need to have users' keystrokes monitored by unclued
individuals working themselves up into a state of panic.
> You should get permission from the owner of a system before
> acting like an attacker.
I agree completely. But I would associate an "attack" with
something like portscanning, exploiting a race condition, or
trying to buffer overflow an suid root program.
People should be free to explore their accounts without the
computer equivalent of "loitering in public and acting
suspiciously" being invoked. For many people, such exploration is
how they learn about Unix in the first place, and Unix is hardly
so fragile that one has to be concerned about accidently breaking
it. That's why the CPU has privilege levels.
> What was your next step going to be? Run Satan against it?
> When does the owner get to object?
Of course not. Satan is just a big script for people who can't
remember how to check obvious things from the command line. :)
The owner gets to object if someone is trying to get additional
privileges, or is adversely affecting the smooth operation of the
system. Absent that, I think the Unix security model keeps the
users sufficiently isolated from each other, and from the kernel,
and it's not necessary to start pre-emptively deleting people if
you don't understand precisely what they are doing and why.
At least not without sending them a nice Email first. :)
The people Eskimo needs to worry about are hackers who root an
infrequently rebooted box at 3AM and load a new kernel module,
are gone in 5 minutes without leaving a trace, and come back in a
month to collect a huge list of everyone's password sniffed off
the LAN, which they then trade with their friends on IRC.
I apply for an account under my own name. I'm not exactly
unknown on the Net. I take a validation call. I send the guy
$48 on the second day of my 2 week free trial. Does he really
think I am there to destroy his system? OH-MY-GOD, he set an
environment variable. EXTERMINATE!
It's *MY* shell, I paid for it, and I get to play with it,
within reason.
--
Mike Duvos $ PGP 2.6 Public Key available $
r00t@eskimo.com $ via Finger $
{Free Cypherpunk Political Prisoners Jim Bell and Toto}
