One of the sites I do work for runs Gauntlet 3.1 under SunOS 4 (and
for the record, it performs quite well, considering the load.) Last
week I took a look around the system and found some rather glaring file
permission problems:
drwxrwsrwx 2 root staff 512 May 20 1996 /etc/sm
drwxrwsrwx 2 root staff 512 May 20 1996 /etc/sm.bak
-rwxrwxrwx 1 root wheel 24576 May 22 1996 /usr/local/etc/udpnull
-rw-rw-rw- 1 root bin 50036 Apr 10 18:04 /usr/kvm/sys/gauntlet/swipe/swipemod
-rw-rw-rw- 1 root staff 72 Apr 25 14:08 /etc/utmp
-rw-rw-rw- 1 root staff 4 Apr 10 18:04 /etc/syslog.pid
-rw-rw-rw- 1 root staff 1 May 20 1996 /etc/state
....in other words, a stock SunOS system (right down to the suid
/usr/openwin/bin/loadmodule) with some TIS-isms thrown in.
These were on the Day 0 dump tape, so the firewall was *installed*
this way. Now maybe I'm being excessively paranoid, but isn't the
OS supposed to be hardened up a bit before implementing it as a firewall?
This is not a TIS flame; I was simply shocked to see all these
writable files and setuid binaries on the system. Granted, no
one should be able to get a shell-- root or otherwise-- on the
system, but who knows what madness lurks in the depths of 3rd
party proxies.
Just curious if anyone else has seen this...
James
--
James W. Abendschan jwa @ jammed . com
JAMMED Systems, Inc. http://www.jammed.com
"Turing," she said. "You are under arrest." -- William Gibson
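
An added example, not part of the original message: a POSIX shell audit for the two classes of finding the post lists, world-writable files and directories and setuid/setgid binaries, suitable for checking a host before it goes into service. The function names and output labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example: permission audit for a firewall host.
# Function names and the CLASS labels are illustrative, not from any product.
# Usage after sourcing this file:  audit_perms /

# audit_perms ROOT
# Prints "<CLASS> <path>" for each finding under ROOT, staying on one filesystem.
audit_perms() {
    root=${1:-/}
    # Regular files anyone can modify, e.g. -rw-rw-rw- /etc/utmp.
    find "$root" -xdev -type f -perm -0002 -print 2>/dev/null |
        sed 's|^|WORLD_WRITABLE_FILE |'
    # World-writable directories without the sticky bit, e.g. drwxrwsrwx /etc/sm.
    # Sticky ones (a normal /tmp) are skipped: users cannot remove others' files.
    find "$root" -xdev -type d -perm -0002 ! -perm -1000 -print 2>/dev/null |
        sed 's|^|WORLD_WRITABLE_DIR |'
    # Setuid and setgid files: each one needs a reason to exist on a firewall.
    find "$root" -xdev -type f -perm -4000 -print 2>/dev/null |
        sed 's|^|SETUID_FILE |'
    find "$root" -xdev -type f -perm -2000 -print 2>/dev/null |
        sed 's|^|SETGID_FILE |'
}

# count_findings ROOT CLASS
# Prints how many findings of CLASS exist under ROOT (0 if none).
count_findings() {
    audit_perms "$1" | awk -v c="$2" '$1 == c { n++ } END { print n + 0 }'
}
```

Saving the output at install time and diffing it against later runs shows whether permissions have drifted since the baseline.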