Why are files like /etc/passwd readable by all?

[southsider]

Pretty simple really, this seems to be a total arse to get around when you want to lock down user accounts - unless I'm missing something obvious...

What's the future? ACL's? SELinux?

:clueless:

Thanks

[adaptr]

How so ?
Can you explain to me how you would circumvent the authentication mechanism solely by being able to read the passwd file ?

There are several good howto's and guides on www.tldp.org on basic Linux security and authentication - search for "shadow passwords".

That was a free hint, by the way
_________________
>>> emerge (3 of 7) mcse/70-293 to /
Essential tools: gentoolkit eix profuse screen

[southsider]

Thing is, I don't want users to be able to discover everything about my system configuration.

chroot jails seem a bit of a cop-out, though.

[thatguyiam]

There's jailshell if you really want to tie your users down.

[sven-tek]

they are free to see, because security by obscurity doesn't work

for example, windows trys to hide information like this, but you can read
one admin-password that has been changed the last time, from the cache if you are logged in as an administrator too. so windows is only safe because not the hole world knows it.

ups, did i tell?

[southsider]

I don't want users to be able to find out about other local users, though...

It's a simple pre-emptive measure.

[nevynxxx]

[southsider]

My idea of a secure system is denying access to everything and then explicitly allowing access to things users require access to.

Apache seems to work that way.

[spb]

If you really want to deny access to stuff like this, SELinux can help. However, getting it working on the desktop (ie with X) is a non-trivial undertaking right now. And yes, the default behaviour is to deny everything that isn't explicitly allowed.

[angoraspruce]

[justanothergentoofanatic]

Well, encryption is provably perfect obscurity. Even if you know everything about how the information was encrypted, you still can't decrypt the information. This is different from most forms of information hiding, where you can retrieve the information as long as you have a rough idea of how it was hidden.

However, nevy does have a valid point if you consider the complete human system instead of just the computers. Even if an e-mail was encrypted, you can always get the information from the person who wrote it. One could argue that encryption is useless obscurity since many hackers/crackers have successfully used social engineering to circumvent it.

Anyway, I think /etc/passwd is visible mainly for legacy reasons. Originally, programs needed to access /etc/passwd so they could validate accounts and verify passwords. But now that we have PAM to do authentication for us, I don't see the need for a world-readable /etc/passwd.

-Mike

[RedDawn]

[j-m]

[teknomage1]

Couldn't a user get a list of other local users by executing 'ls ../' from their home directory?

[nevynxxx]

My point was that the phrase "security through obscurity is worthless" is compleatly wrong.

At a basic level, the only security that can be obtained, whilst still giving access to some services, is through obscurity.

Obviously some levels of obscurity (i.e cryptography) are better than others.

What is port knocking?? Is it obscurity or is it cryptography? It does after all have a key.

That key is easily sniffed though, at which point it becomes pure obscurity.

Port knocking is useful against script kiddies, i.e. they wont find any open ports. But very bad against a concerted hack attempt, as it gives a false sense of security.

@angoraspruce
[quote=http://www.askoxford.com/]
encrypt

/enkript/

• verb convert into code.

obscure

• adjective (obscurer, obscurest) 1 not discovered or known about; uncertain. 2 not well known. 3 not clearly expressed or easily understood. 4 hard to make out; indistinct.

• verb conceal or make unclear.
[/quote]

That doesn't help much

I would say cryptography was a subset of obscurity, where cryptography has known (or unknown) algorithms and known keys.[/quote]
_________________
My Public Key

Wanted: Instructor in the art of Bowyery

[rex123]

The phrase "security though obscurity" normally refers to a security system that relies on other people not knowing how it works. eg hiding something in your shoe. This type of security can be very successful, but it is a mistake to rely on it. "Real" security is gained when you can tell the world exactly what your method is, and they still can't get at your data. That's where cryptography comes in. We all know (basically) how SSL works, for example, but it would take us a long time to decipher any SSL data we capture. Or that's the idea.

On a different subject...

[nevynxxx]

[F.Ultra]

[nevynxxx]

[adaptr]

By your reasoning, you claim to feel more secure if your home had an unlocked door that nobody could find, than if it had a normal door with a secure lock.

Think about it - I know which one I'd prefer.

There is a difference, but it's subtle enough that nobody's mentioned it yet.
_________________
>>> emerge (3 of 7) mcse/70-293 to /
Essential tools: gentoolkit eix profuse screen

[southsider]

OK if I could please knock this thread back on topic...

# chmod 751 /home

Any issues with this? I don't see any. All directories are still properly secured.

Will SELinux deal with stuff like normal users being able to lsmod and do other things they really should have no interest in?

[spb]

[nevynxxx]

[adaptr]

To you - which seems obvious to me

Your position on obscurity vs. encryption, and encryption being a form of obscurity.

Perhaps the analogy falls a little short, but in general I do not think of encryption, decent encryption where you can tell a malicious 3rd party exactly which cipher you used, and he will still not be able to crack one message in exponential time, as anything like obscuring sensitive data.

Except in the very, very literal sense, of course...

Heh.

I'll rectify that: the analogy sux0rs
_________________
>>> emerge (3 of 7) mcse/70-293 to /
Essential tools: gentoolkit eix profuse screen

[southsider]

So, any problems with 751'ing /home?