Re: Why do system users have non-empty $HOME? (was Re: Why do system users have valid shells)
On Sat, 25 Oct 2003 02:46, Joe Moore wrote:
> > To create a file in /bin you need root access. Therefore to create
> > /bin/.rhosts you need more access than such a file will grant. There
> > is no point in such an attack. Why would someone create /bin/.rhosts
> > when they can create /root/.rhosts?
>
> There are many programs that use files in the target user's home directory
> for authentication. rsh and ssh are two common examples. Many of these
> programs would not be hindered by an invalid shell. That's why I
> originally said that the home directory is more important than what is in
> the seventh field of /etc/passwd. I should not have made my comment
> specific to UID2.
Which goes back to my previous question, what do you think it should have as
the home directory then?
> As to why someone would create /bin/.rhosts rather than /root/.rhosts,
> perhaps a sysadmin has mistakenly allowed "sudo cp * /bin" for a user who
> normally installs software?
In which case they could install a trojan /bin/bash and get access to every
account.
> Ok, that's a rather artificial example, but
> how about a buggy game that can drop a .rhosts file in /usr/games?
Again, a much more useful attack would be to replace a game with a trojan and
to exploit every account that is used to run a game. Maybe one of the
fortune-cookie type packages puts a binary in there which can be run at login
time...
> Or
> a buggy manpage that drops a .rhosts file in /var/cache/man?
That is something that could be usefully changed.
> > Does bin even own ANY files or have write access to ANY directories on
> > a default install? From a quick look it seems that account "bin" gets
> > no write access to anything on a Linux system.
>
> If "bin" has no valid password, owns no files, runs no processes, and can
> write to no directories, then why does "bin" exist at all?
Beats me. Compatibility I guess.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
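
The check this thread circles around, as an added example that is not part of the original message: list system accounts whose home directory could hold, or already holds, an rsh/ssh trust file. The function name, the `root` parameter and the UID cutoff of 999 are assumptions made for the example.

```python
import os
import stat

# Trust files that rsh/ssh consult in the target user's home directory.
TRUST_FILES = (".rhosts", ".shosts", ".ssh/authorized_keys")
SYSTEM_UID_MAX = 999  # assumption: regular users start at UID 1000


def audit_system_homes(passwd_text, root="/"):
    """Return (user, home, issue) findings for system accounts in passwd_text.

    root is prepended to each home path so a copied or mounted tree can be audited.
    """
    findings = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7 or line.startswith("#"):
            continue
        user, uid, home = fields[0], fields[2], fields[5]
        if not uid.isdigit() or not 0 < int(uid) <= SYSTEM_UID_MAX:
            continue  # root and regular users are out of scope here
        path = os.path.join(root, home.lstrip("/"))
        try:
            st = os.stat(path)
        except OSError:
            continue  # a nonexistent home cannot hold trust files
        if not stat.S_ISDIR(st.st_mode):
            continue
        # Whoever can write to the directory can plant a trust file in it.
        if st.st_uid != 0:
            findings.append((user, home, "home owned by uid %d" % st.st_uid))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((user, home, "home is group/world-writable"))
        for name in TRUST_FILES:
            if os.path.lexists(os.path.join(path, name)):
                findings.append((user, home, "trust file present: " + name))
    return findings


if __name__ == "__main__":
    with open("/etc/passwd") as fh:
        for user, home, issue in audit_system_homes(fh.read()):
            print("%s (%s): %s" % (user, home, issue))
```

Run as root against the live system, or pass `root=` to point it at a mounted image.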