On Thu, 29 Jul 1999, Gustavo Rios wrote:
> .qmail* (Are you referring to /var/qmail/alias/.qmail* ?)
I'm really not able to say what happened to rootshell -- but since I'm
under constant attack -- I can tell you what I have seen and what I have
done (with respect to ssh/qmail, etc.)
no.... follow this scenario:
A host "A" has qmail/ftp/apache and is an ISP type machine. Users need
to be able to ftp to it to update their html files for the web server
and pop (or apop?) to it to get mail and to use it as an outgoing smtp
gateway.
Well, if someone can sniff even a single incoming password (i.e., pop or
ftp) .. they can then use this access to write files (or read files)
from the machine. If the incoming FTP can put in a ~user/.qmail* file,
then one can send commands to a program/shell. If one can FTP in a
cgi-bin program, then they can run commands that way.
So far, I have user home dirs owned by root with files like .qmail
pointing to ./Maildir, a "public_html", and any dir with a domain like
"www.mysite.com" and a "word" dir.. where the users can write -- but
they can't write to the top level of their home (sure, I could probably
do this with wuftpd upload as well, but I'm doing it with that *and*
unix perms). cgi is controlled by a suser / wrap where files have to be
"blessed" and once blessed, they can't be modified -- so even though a
file can be put into the cgi-bin directory, it won't execute until
blessed. Finally, adding ipfilter to this machine seems to keep off the
standard wave of things (this is a sun) like rpc.cmsd, rpc.statd, etc.
I've also modified ssh not to allow scp and use "uselogin" so it will
ask for a primary password and then run opie.
Scott
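
Added example, not part of the original message: a small Python audit of the layout described above (home top level owned by a trusted uid and not writable by others, .qmail* files not replaceable by the user, no program-delivery lines in them). The names audit_home, trusted_uid and demo, and the sample directories, are constructed for illustration; the demo substitutes the current uid for root so it runs unprivileged.

```python
import os
import shutil
import stat
import tempfile

OTHERS_WRITE = stat.S_IWGRP | stat.S_IWOTH

def audit_home(home, trusted_uid=0):
    """Return findings for one home directory (empty list means clean)."""
    findings = []
    st = os.lstat(home)
    if st.st_uid != trusted_uid:
        findings.append(f"{home}: top level owned by uid {st.st_uid}")
    if st.st_mode & OTHERS_WRITE:
        findings.append(f"{home}: top level is group/world writable")
    for name in sorted(os.listdir(home)):
        if not name.startswith(".qmail"):
            continue
        path = os.path.join(home, name)
        fst = os.lstat(path)
        if not stat.S_ISREG(fst.st_mode):
            findings.append(f"{path}: not a regular file")
            continue
        if fst.st_uid != trusted_uid or fst.st_mode & OTHERS_WRITE:
            findings.append(f"{path}: replaceable by a non-trusted uid")
        with open(path, errors="replace") as fh:
            for lineno, line in enumerate(fh, 1):
                if line.startswith("|"):  # dot-qmail program delivery line
                    findings.append(f"{path}:{lineno}: program delivery")
    return findings

def demo():
    """Audit two constructed homes: one locked down, one not."""
    me = os.getuid()  # assumption: stands in for root in this demo
    base = tempfile.mkdtemp()
    try:
        good, bad = os.path.join(base, "good"), os.path.join(base, "bad")
        samples = ((good, 0o755, ".qmail", "./Maildir/\n"),
                   (bad, 0o777, ".qmail-default", "# constructed\n|/bin/sh\n"))
        for home, mode, fname, body in samples:
            os.mkdir(home)
            with open(os.path.join(home, fname), "w") as fh:
                fh.write(body)
            os.chmod(os.path.join(home, fname), 0o644)
            os.chmod(home, mode)
        return audit_home(good, me), audit_home(bad, me)
    finally:
        shutil.rmtree(base)

if __name__ == "__main__":
    for result in demo():
        print(result or "clean")
```

On a real host, run audit_home over each home directory as root with the default trusted_uid of 0.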