Security Basics mailing list archives
Re: Security issues in publishing content of /etc ?
From: Fabio Miranda Hamburger <fabmirha () ns isi ulatina ac cr>
Date: Mon, 9 Aug 2004 10:12:55 -0600 (CST)
Hi.
What if the content of the /etc/ directory of a linux server was public to anyone logged in. And what if anyone could log in, with read-only access.
You could use a brute force attack to get weak passwords. You may find software installed in the machine or other hosts information.
I believe the security issue here is that there will be no secrets for anyone who wants to hack, they'll know the DNS IP, running services, their options, they will be able to copy /etc/passwd and crack the passwords with time.
Too few changes you get a readable shadow password file nowadays. You cant do password cracking with /etc/passwd. The host IP or 'dns ip' is public avalible and It is not a risk by itself.
I'm asking this because I'm soon going to develop a file sharing program which the whole network will mimic a single virtual host, but with no central nodes, the write permissions will be stored publicly,etc.
You can chroot a filesystem to prevent users to view systems files. A server can do the sharing and other just authenticate users. --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- Security issues in publishing content of /etc ? lemieuxs (Aug 09)
- Re: Security issues in publishing content of /etc ? Lukasz Sztachanski (Aug 09)
- Re: Security issues in publishing content of /etc ? Fabio Miranda Hamburger (Aug 09)
- <Possible follow-ups>
- Re: Security issues in publishing content of /etc ? lemieuxs (Aug 09)
- Re: Security issues in publishing content of /etc ? Fabio Miranda Hamburger (Aug 09)
- *sigh* Re: Security issues in publishing content of /etc ? Evaldo Gardenali (Aug 10)
- Re: Security issues in publishing content of /etc ? Fabio Miranda Hamburger (Aug 09)