[1915] in SIPB-AFS-requests
comments on satan_doc/html/tutorials/vulnerability
daemon@ATHENA.MIT.EDU (mhpower@MIT.EDU)
Wed Apr 5 06:03:20 1995
From: mhpower@MIT.EDU
To: star-maintainers@MIT.EDU
Date: Wed, 05 Apr 95 06:01:44 EDT
I looked over the satan_doc.tar.Z distribution (it's available from a
number of sites ... I used coast.cs.purdue.edu). It has a directory
html/tutorials/vulnerability that gives the author's views of the
security holes that satan tests for. I thought I'd offer my views (or
predictions, which I suppose may soon enough be proven wrong)...
NFS_export_to_unprivileged_programs: The authors think you shouldn't
allow an unprivileged user on some other machine to mount your
filesystem. I don't think this has any real relevance to server
security, since an untrusted person can probably get root access to
some other machine on the Internet (PCs, etc.) to do the mount from.
NFS_export_via_portmapper: I don't think this matters much if the
filesystem is exported to the whole Internet (which is the case for
sipb machines). As far as I could tell from the "nfsbug" program,
mounting via the portmapper works for the filesystem exported by
anxiety-closet, but not for the filesystems exported by charon or
bloom-picayune. It's possible that building a new Solaris portmap
would be a good idea, but I don't think it's vital since everyone can
mount the filesystem by talking directly to the mountd anyway...
NIS_password_file_access: We don't run NIS.
REXD_access: We don't run rexd.
Sendmail_vulnerabilities: We have 8.6.11. The latest version is 8.6.12
which appears not to have any patches relevant to security on sipb
machines (it affects people whose sendmail makes ident queries).
TFTP_file_access: We don't run tftpd.
remote_shell_access: We don't run rshd on any server machines. Access
via non-Kerberized rlogin seems unlikely, although I'm not sure
how the Ultrix ruserok code deals with the comment line in /.rhosts,
so I've made /.rhosts zero length on the machines that have rlogind
enabled (bloom-picayune and charon). You can look at the original
version in the decmips /srvd/.rhosts.
unrestricted_NFS_export: This would seem to be less of a problem with
Kerberized NFS. There may be a few directories that should be chmod'd
on machines that export /var. One example is /var/adm/crash, which
has crash dumps that could presumably include arbitrary things that
happened to be in memory. These were made mode 700 on bloom-picayune
and charon a while ago, it seems.
unrestricted_X_server_access: Our servers don't run X.
writable_FTP_home_directory: Presumably this only matters on rtfm, which
has "drwxrwxr-x 7 root system 512 Apr 4 14:58 /u1/ftp"
Matt