  1. Newsgroups: comp.os.vms
  2. Path: sparky!uunet!zaphod.mps.ohio-state.edu!moe.ksu.ksu.edu!ux1.cso.uiuc.edu!news.cso.uiuc.edu!jsue
  3. From: jsue@ncsa.uiuc.edu (Jeffrey L. Sue)
  4. Subject: Re: HELP!!! Security problem for gurus.
  5. References: <B1FB21FFA27F004AEF@imimnvx.irfmn.mnegri.it> <Bz1nrE.ALq@unx.sas.com> <1992Dec19.025940.1@us.oracle.com>
  6. Message-ID: <1992Dec22.161918.9033@ncsa.uiuc.edu>
  7. Originator: jsue@pluto.ncsa.uiuc.edu
  8. Sender: usenet@news.cso.uiuc.edu (Net Noise owner)
  9. Organization: The Dow Chemical Company
  10. Date: Tue, 22 Dec 1992 16:19:18 GMT
  11. Keywords: hack security files-11 protection
  12. Lines: 163
  13.  
  14. In article <1992Dec19.025940.1@us.oracle.com> comet@us.oracle.com writes:
  15. >In article <Bz1nrE.ALq@unx.sas.com>, sasjzs@falcon.unx.sas.com (Joseph Slater) writes:
  16. >>
  17. >>In article <B1FB21FFA27F004AEF@imimnvx.irfmn.mnegri.it>,
  18. >>PSI%ITAPAC.22800002::PITCLS::ADRIANO@imimnvx.irfmn.mnegri.it
  19. >>(Adriano Santoni) writes:
  20. >>
  21. >>|>      I need to avoid certain people to scan a directory of mine.
  22. >
  23. >Well, there are "avoidance" techniques you can use.
  24. >
  25. >>|>      This could seem a very trivial issue, if it was not for
  26. >>|>      the following:
  27. >>|>      o  Some users of mine have (and need to retain)
  28. >>|>         *ALL* privileges
  29. >
  30. >There are NO "prevention" techniques effective against fully privileged users.
  31. >
  32. >Having the directory level be at level 9 or lower (to 15?) and accessing it
  33. >via a concealed, terminal logical name is an excellent avoidance technique.
  34. >I've used this in conjunction with recursive directory specifications
  35. >(by $ CREATE/DIRE <.1> and $ SET FILE/ENTER=[.1]2.DIR 1.DIR.  Horrid, eh? ;)
  36. >to really confuse things.  Again, making a pathological directory will stick
  37. >out during an $ ANALYZE/DISK operation.
  38. >[some deleted]
  39. >Other ideas:  You can write a program to set the directory (and enclosed files)
  40. >de-access locked.  I don't know how effective (if at all) this would be, but
  41. >you can $ UNLOCK file when you're ready to use it.
  42. >
  43. >You can munge the .DIR file so that anybody normally browsing your directory
  44. >will receive any escape sequence you can imagine that would disable their
  45. >terminal.  This may discourage casual scanning, and draw the attention of
  46. >"hacker" types, so you can use this technique both as a decoy and as a
  47. >countermeasure.  I put some of these in higher levels of my recursive tree.
  48.  
  49. I want to warn anyone using "unsupported" VMS techniques like putting the
  50. directory below 8 levels deep, renaming the .DIR to something else (e.g.,
  51. .DAT), or completely munging the directory.
  52.  
  53. If this information is important to you, then just realize that VMS BACKUP
  54. will "lose" this information in the event of a full disk restore.  Also,
  55. ANALYZE/DISK/REPAIR (before or after the restore) will place these files
  56. in [SYSLOST].
  57.  
  58. Just to see what would happen, I used my V5.5-2 system to create a directory
  59. 16 levels deep and created a file in it.  This is [X1...X16]XXXX.XXXX
  60.  
  61. Also, I created [YY]TEST1.DAT and then renamed yy.dir to ZZ.DAT.  Here is
  62. the backup listing that resulted.
  63.  
  64. *********************
  65. Listing of save set(s)
  66.  
  67. Save set:          X.BAK
  68. Written by:        S084349
  69. UIC:               [000001,000005]
  70. Date:              22-DEC-1992 11:02:20.98
  71. Command:           BACKUP/IMAGE DISK$VUSER2: DISK$VUSER1:[000000]X.BAK/SAVE
  72. Operating system:  VAX/VMS version V5.5
  73. BACKUP version:    V5.5-2
  74. CPU ID register:   13000202
  75. Node name:         _CRVS02::
  76. Written on:        _$1$DKA200:
  77. Block size:        32256
  78. Group size:        10
  79. Buffer count:      116
  80.  
  81. Image save of volume set
  82. Number of volumes: 1
  83.  
  84. Volume attributes
  85. Structure level:   2
  86. Label:             VUSER2
  87. Owner:
  88. Owner UIC:         [000001,000004]
  89. Creation date:      9-DEC-1992 07:39:39.87
  90. Total blocks:      1316751
  91. Access count:      3
  92. Cluster size:      3
  93. Data check:        No Read, No Write
  94. Extension size:    5
  95. File protection:   System:RWED, Owner:RWED, Group:RE, World:
  96. Maximum files:     164593
  97. Volume protection: System:RWCD, Owner:RWCD, Group:RWCD, World:RWCD
  98. Windows:           16
  99. Minimum retention:   30 00:00:00.00
  100. Maximum retention:   30 00:00:00.00
  101.  
  102. [000000]BACKUP.SYS;1                                      0   9-DEC-1992 07:39
  103. [000000]BADBLK.SYS;1                                      0   9-DEC-1992 07:39
  104. [000000]BADLOG.SYS;1                                      0   9-DEC-1992 07:39
  105. [000000]BITMAP.SYS;1                                    109   9-DEC-1992 07:39
  106. [000000]CONTIN.SYS;1                                      0   9-DEC-1992 07:39
  107. [000000]CORIMG.SYS;1                                      0   9-DEC-1992 07:39
  108. [000000]DEFRAG.DIR;1                                      1  12-DEC-1992 14:36
  109. [DEFRAG]$1$DKA0_PIC.LIS;1                                13  12-DEC-1992 15:33
  110. [DEFRAG]$1$DKA200_PIC.LIS;1                              10  12-DEC-1992 16:56
  111. [000000]INDEXF.SYS;1                                   1062   9-DEC-1992 07:39
  112. [000000]OFFLOAD.DIR;1                                     1  12-DEC-1992 14:41
  113. [000000]PATCHES.DIR;1                                     1  10-DEC-1992 09:08
  114. [000000]SCR.DIR;1                                         1  12-DEC-1992 14:41
  115. [000000]SYSLOST.DIR;1                                     1   9-DEC-1992 07:39
  116. [000000]VOLSET.SYS;1                                      0   9-DEC-1992 07:39
  117. [000000]X1.DIR;1                                          1  22-DEC-1992 10:48
  118. [X1]X2.DIR;1                                              1  22-DEC-1992 10:48
  119. [X1.X2]X3.DIR;1                                           1  22-DEC-1992 10:48
  120. [X1.X2.X3]X4.DIR;1                                        1  22-DEC-1992 10:48
  121. [X1.X2.X3.X4]X5.DIR;1                                     1  22-DEC-1992 10:48
  122. [X1.X2.X3.X4.X5]X6.DIR;1                                  1  22-DEC-1992 10:48
  123. [X1.X2.X3.X4.X5.X6]X7.DIR;1                               1  22-DEC-1992 10:48
  124. [X1.X2.X3.X4.X5.X6.X7]X8.DIR;1                            1  22-DEC-1992 10:48
  125. [X1.X2.X3.X4.X5.X6.X7]X9.DIR;1                            1  22-DEC-1992 10:50
  126. [X1.X2.X3.X4.X5.X6.X7.X9]X10.DIR;1                        1  22-DEC-1992 10:50
  127. [000000]ZZ.DAT;1                                          1  22-DEC-1992 11:01
  128. []000000.DIR;1                                            2   9-DEC-1992 07:39
  129. []TEST1.DAT;1                                             1  22-DEC-1992 11:01
  130. []X11.DIR;1                                               1  22-DEC-1992 10:50
  131. []X12.DIR;1                                               1  22-DEC-1992 10:50
  132. []X13.DIR;1                                               1  22-DEC-1992 10:50
  133. []X14.DIR;1                                               1  22-DEC-1992 10:50
  134. []X15.DIR;1                                               1  22-DEC-1992 10:50
  135. []X16.DIR;1                                               1  22-DEC-1992 10:50
  136. []XXXX.XXXX;1                                             1  22-DEC-1992 10:50
  137.  
  138. Total of 35 files, 1220 blocks
  139. End of save set
  140.  
  141. **************************************
  142. NOTE:  All files and directories will not be restored correctly if a disk
  143.     problem occurs.
  144.  
  145.  
  146. >
  147. >You can also create files which, when browsed (say, with a $ TYPE filename
  148. >command), will result in the immediate termination of the browsing process!
  149. >(Make sure BUGCHECKFATAL is FALSE).  Such a file cannot be COPYed, although
  150. >it can be BACKUPped.  PRINTing such a file will cause the queue to stop.
  151. >{sudden thought, I wonder what would happen if this poison file were a valid
  152. >directory format, and I renamed it to .DIR.1?  Another avoidance technique!}
  153.  
  154. Cool... how do you do this?
  155.  
  156.  
  157. >
  158. >If you have a MAIL subdirectory, then having extra files in there with names
  159. >like MAILbigfilename.MAI is fairly inconspicuous.  Unless somebody is being
  160. >particularly snoopy, (or using the $ SEARCH command), then this method is a
  161. >decent "avoidance" technique.
  162. >
  163.  
  164. Now that's a creative way to do it.  Just hope MAIL doesn't decide to use
  165. that MAILbigfilename.MAI sometime - though it may check for this and handle
  166. it correctly, I've no idea how to test this.  (besides I'm sure that the
  167. possibility is quite small)
  168.  
  169. Anyway, just wanted to make sure people are aware of problems with using
  170. some of the "avoidance" techniques.
  171.  
  172.  
  173. -- 
  174. -----
  175. Jeff Sue   
  176.  - All opinions are mine -       (and you can't have any, nya nya nya)
  177.
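
A check for the failure shown in the save-set listing above, as an added example that is not part of the original post: it scans BACKUP listing text for entries recorded with an empty directory `[]` or sitting deeper than the 8 levels the post mentions. The sample lines are copied from the listing in the post; the function and constant names are assumptions of this example.

```python
import re

MAX_DEPTH = 8  # deepest directory level the post treats as supported

# One listing entry: [directory]name;version  blocks  date time
ENTRY = re.compile(
    r"^\[(?P<dir>[^\]]*)\](?P<name>[^;\s]+);(?P<ver>\d+)"
    r"\s+(?P<blocks>\d+)\s+\S+\s+\S+\s*$"
)

# Sample input: lines taken from the listing in the post (viewer numbering removed).
SAMPLE_LISTING = """\
[000000]X1.DIR;1                                          1  22-DEC-1992 10:48
[X1.X2.X3.X4.X5.X6.X7]X8.DIR;1                            1  22-DEC-1992 10:48
[X1.X2.X3.X4.X5.X6.X7.X9]X10.DIR;1                        1  22-DEC-1992 10:50
[000000]ZZ.DAT;1                                          1  22-DEC-1992 11:01
[]TEST1.DAT;1                                             1  22-DEC-1992 11:01
[]X11.DIR;1                                               1  22-DEC-1992 10:50
[]XXXX.XXXX;1                                             1  22-DEC-1992 10:50
"""


def audit_listing(text):
    """Return (entry, reason) pairs for entries a restore would misplace."""
    findings = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # save-set header, volume attributes, totals
        directory, name = m["dir"], m["name"]
        if directory == "":
            # BACKUP recorded the file without its parent directory path.
            findings.append((name, "empty directory []: original path not recorded"))
            continue
        # [000000] is the master file directory (level 0).
        depth = 0 if directory == "000000" else len(directory.split("."))
        if name.upper().endswith(".DIR"):
            depth += 1  # a directory file sits one level below its parent
        if depth > MAX_DEPTH:
            findings.append(
                (f"[{directory}]{name}", f"level {depth} exceeds {MAX_DEPTH}")
            )
    return findings


if __name__ == "__main__":
    for entry, reason in audit_listing(SAMPLE_LISTING):
        print(f"{entry}: {reason}")
```

The listing alone cannot reveal a renamed directory file such as ZZ.DAT; only the orphaned entries that result from it are reported.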