Re: Security issues in publishing content of /etc ?

[Fabio Miranda Hamburger <fabmirha () ns isi ulatina ac cr>]

Hi.

>   What if the content of the /etc/ directory of a linux server was public to anyone logged
> in. And what if
> anyone could log in, with read-only access.

You could use a brute force attack to get weak passwords. You may find
software installed in the machine or other hosts information.

>   I believe the security issue here is that there will be no secrets for anyone who wants
> to hack, they'll
> know the DNS IP, running services, their options, they will be able to copy /etc/passwd
> and crack the
> passwords with time.

Too few changes you get a readable shadow password file nowadays. You cant
do password cracking with /etc/passwd. The host IP or 'dns ip' is public
avalible and It is not a risk by itself.

>   I'm asking this because I'm soon going to develop a file sharing program which the whole
> network will
> mimic a single virtual host, but with no central nodes, the write permissions will be
> stored publicly,etc.

You can chroot a filesystem to prevent users to view systems files. A
server can do the sharing and other just authenticate users.



---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------