From owner-freebsd-hackers Mon Jan 1 19:05:09 1996 Return-Path: owner-hackers Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id TAA24083 for hackers-outgoing; Mon, 1 Jan 1996 19:05:09 -0800 (PST) Received: from brasil.moneng.mei.com (brasil.moneng.mei.com [151.186.109.160]) by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id TAA24050 Mon, 1 Jan 1996 19:04:56 -0800 (PST) Received: (from jgreco@localhost) by brasil.moneng.mei.com (8.7.Beta.1/8.7.Beta.1) id VAA11207; Mon, 1 Jan 1996 21:04:20 -0600 From: Joe Greco Message-Id: <199601020304.VAA11207@brasil.moneng.mei.com> Subject: Re: Answer to /bin/ls and ftp (should be documented) To: j@uriah.heep.sax.de (J Wunsch) Date: Mon, 1 Jan 1996 21:04:19 -0600 (CST) Cc: hackers@FreeBSD.org, questions@FreeBSD.org In-Reply-To: <199601011754.SAA05624@uriah.heep.sax.de> from "J Wunsch" at Jan 1, 96 06:54:02 pm X-Mailer: ELM [version 2.4 PL24] Content-Type: text Sender: owner-hackers@FreeBSD.org Precedence: bulk > As Joe Greco wrote: > > > > The more paranoid among us will be even more cautious: you don't want > > people gaining a comprehensive listing of users on your system as easily as > > downloading the pwd.db file. I do something similar but with a twist: > > You could as well install a list of dummy users. Then you might as well not do it at all (or make 'em all "ftp"). Usually people want to display the usernames in order to provide an easy to see correlation between a file and which archive maintainer installed it... My technique at least minimizes the chances of somebody finding out complete lists of semi-useful information about users (i.e. what users there are), and also protects more subtle very-useful information about things like assigned UID's (think: "someone pulling tricks with NFS"). First rule of security, the less they know, the safer you are. ... Joe ------------------------------------------------------------------------------- Joe Greco - Systems Administrator jgreco@ns.sol.net Solaria Public Access UNIX - Milwaukee, WI 414/342-4847