home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
kermit.columbia.edu
/
kermit.columbia.edu.tar
/
kermit.columbia.edu
/
newsgroups
/
misc.20010306-20010921
/
000095_news@columbia.edu _Tue May 1 13:15:47 2001.msg
< prev
next >
Wrap
Internet Message Format
|
2001-09-20
|
3KB
Return-Path: <news@columbia.edu>
Received: from newsmaster.cc.columbia.edu (newsmaster.cc.columbia.edu [128.59.59.30])
by monire.cc.columbia.edu (8.9.3/8.9.3) with ESMTP id NAA11048
for <kermit.misc@cpunix.cc.columbia.edu>; Tue, 1 May 2001 13:15:47 -0400 (EDT)
Received: (from news@localhost)
by newsmaster.cc.columbia.edu (8.9.3/8.9.3) id NAA11165
for kermit.misc@watsun.cc.columbia.edu; Tue, 1 May 2001 13:07:10 -0400 (EDT)
X-Authentication-Warning: newsmaster.cc.columbia.edu: news set sender to <news> using -f
From: era@eracc.hypermart.net (ERA)
Organization: ERA Computer Consulting
Message-ID: <gWtomC2dEjRt-pn2-z21pfYiTV9Jm@localhost>
Subject: OS security (was Re: copying a file to a ftp-server)
Date: Tue, 01 May 2001 17:03:36 GMT
To: kermit.misc@columbia.edu
On Thu, 26 Apr 2001 21:37:23, Rich Gray
<richNOgSPAM@plustechnologies.com> wrote:
> Frank da Cruz wrote:
> >
> >...
> > As for password safety, putting passwords in the .netrc file is
> > no safer than putting them in scripts. The only solution to this
> > problem is to use secure authentication methods. But the
> > limiting factor in this case is whether a secure server is
> > available on the other end. At the moment, this is generally not
> > the case. But increasingly, it can be. As noted previously,
> > secure FTP servers are available:
> >
> > http://www.columbia.edu/kermit/ftpd.html
> >
> > and as time goes on they will find their way into standard UNIX
> > distributions.
> >
> > - Frank
>
> There can be a heck of a difference between getting a
> userid/password from a .netrc file or some other indirect source
> and specifiying directly on the command line. If you put it in on
> a command line, it can show up in ps! Talk about exposed!
..
>
> Cheers!
> Rich
Ahhh, now you are talking about another "kettle of fish". Security of
OS commands. On most *nix-like systems I administer that have outside
access the majority of commands like ps are available only to root.
There is rarely need for the lowly user to have access to these. So
unless a cracker has gained root access to your system, in which case
passwords are no longer a problem for him/her, no one other than root
should be able to use them and thus expose your password. The root
user(s) on your system will most likely be the only ones needing
access to ps and other utilities in most cases. If you can't *trust*
your root user(s) with your passwords then you already have a serious
problem.
This issue relates to the ftp with c-kermit question only
incidentally because of the possible use of a name/pw pair on the
command line. It is really an OS security issue about what OS
commands should or should not be available to the lowly user. I vote
for necessary applications only. Keep the OS administrative commands
like ps *out* of their desecrating little paws. :-)
Gene <gene@eracc.hypermart.net>
--
+=========================-=>Unix & OS/2<=-=========================+
# Owner and C.E.O. - ERA Computer Consulting - Jackson, TN USA #
# Providing OS/2, OpenServer & Linux Business Computing Solutions #
# Please visit our www pages at http://eracc.hypermart.net/ #
+===================================================================+
We run IBM OS/2 v.4.00, Revision 9.036
Sysinfo: 40 Processes, 149 Threads, uptime is 0d 0h 41m 55s 716ms