Operating System - HP-UX
Jay D Koonz
Occasional Advisor

Why is root having a .forward file a "Big Security risk"

The subject says it all.
Ride Boldly Ride, but watch out for El Dorados
Jeff Schussele
Honored Contributor

Re: Why is root having a .forward file a "Big Security risk"

Essentially if someone could edit or replace root's .forward file they could receive system notices, or cause commands to be run, that could make unauthorized entry easier.
Therefore it's critical that perms be locked down on this file if used.

Rgds,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Jay D Koonz
Occasional Advisor

Re: Why is root having a .forward file a "Big Security risk"

The .forward file would be read-only once created. It would just have one line
"jkoonz@usco.com". Since only unixid root can change the file, I can't see where having the file is a security hole. If it's changed, I got much bigger problems.
S.K. Chan
Honored Contributor

Re: Why is root having a .forward file a "Big Security risk"

It's the content of .forward (in my opinion) that's going to pose the biggest threat. If readable by others it could potentially give or lead to information regarding forwarding email address, email filters configuration, etc, etc which opens up more holes for exploit.
Patrick Wallek
Honored Contributor

Re: Why is root having a .forward file a "Big Security risk"

You are right, if root's .forward were to be changed, you'd have big problems.

The thing is, if someone hacked into your system and changed the .forward so that it ran a script named xyz, which .forward can do, that did something nasty to your system in addition to forwarding the mail to you, would you know about it? Are you certain that you'd catch it before something nasty happened?

The fact that the script is read-only helps, but is really irrelevant. If someone got into the root account, read-only isn't going to stop them.

There are MANY MANY things in the unix system that are large security risks (telnet, r* commands, ftp - all these send passwords across the net as clear text). The thing you have to do is determine if the risk is worth it in your particular instance.

The only way to have a truly secure system is to turn it off, which won't do you any good.

Jeff Schussele
Honored Contributor

Re: Why is root having a .forward file a "Big Security risk"

Yes, I'd agree.
Remember that .forward MUST be owned by root:sys as well as 400 or 600 perms to be allowed to be accessed.

Jeff
James R. Ferguson
Acclaimed Contributor

Re: Why is root having a .forward file a "Big Security risk"

Hi:

Jeff is correct. The contents of the '.forward' file can be altered if you're not careful. See here for more information:

http://ciac.llnl.gov/ciac/bulletins/h-11.shtml

Regards!

...JRF...
Michael Tully
Honored Contributor

Re: Why is root having a .forward file a "Big Security risk"

Make sure that root's home directory *is NOT* /

It is recommended to have /root instead, with permissions of 700 on the directory.
Have the .forward file as permissions 600
Anyone for a Mutiny ?
Bill Hassell
Honored Contributor

Re: Why is root having a .forward file a "Big Security risk"

The majority of installed HP-UX systems have a fairly serious security problem: no umask value, which means that files and directories are always created by all users (including root) as world-writable (666 or 777 permissions). Thus, .forward would be a big security risk with 666 permissions.

Rather than use .forward, I would use /etc/mail/aliases to forward all the root email (not just root but all the admin logins and addresses too like hostmaster and webmaster and postmaster, etc) to a central location. Not doing this means loss of valuable notifications when root's email is not checked on each machine.


Bill Hassell, sysadmin
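Taken together, the replies from Jeff (root-owned, mode 400 or 600), Michael (home directory /root with mode 700, never /) and Bill (no umask, so files end up 666) describe a checklist that can be scripted. The audit below is an added example and not code from the thread or from HP. It assumes the expected owner is given as the second argument (default root), checks the owner but not the sys group, and parses `ls -ld` rather than relying on a stat(1) command that an HP-UX box may not have.

```shell
#!/bin/sh
# Added example (not from the thread): audit root's home directory and .forward
# against the policy the replies recommend. Assumed policy: home must not be /,
# home must be mode 700, .forward must be owned by the expected owner, have mode
# 400 or 600 and must not be group- or world-writable.

# mode_of FILE -> prints the 10-character permission string, e.g. -rw-------
# (anything ls appends after it, such as an ACL marker, is dropped).
mode_of() {
    set -- $(ls -ld "$1")
    printf '%.10s\n' "$1"
}

# owner_of FILE -> prints the owner name
owner_of() {
    set -- $(ls -ld "$1")
    printf '%s\n' "$3"
}

# audit_root_mail HOME [OWNER] -> prints one line per finding and returns the
# number of findings (0 means the directory and .forward pass the checks).
audit_root_mail() {
    home=$1; owner=${2:-root}; findings=0

    if [ "$home" = "/" ]; then
        echo "FAIL: root's home is /; use a dedicated directory such as /root"
        findings=$((findings + 1))
    fi
    case $(mode_of "$home") in
        d??????---) ;;                        # drwx------: nothing for group/other
        *) echo "FAIL: $home is not mode 700"; findings=$((findings + 1)) ;;
    esac

    f=$home/.forward
    if [ ! -f "$f" ]; then
        echo "OK: no $f present"
        return $findings
    fi
    if [ "$(owner_of "$f")" != "$owner" ]; then
        echo "FAIL: $f is not owned by $owner"
        findings=$((findings + 1))
    fi
    case $(mode_of "$f") in
        -r--------|-rw-------) ;;             # 400 or 600: the only acceptable modes
        ?????w????|????????w?)                # group or other has write: what a missing umask produces
            echo "FAIL: $f is group- or world-writable"; findings=$((findings + 1)) ;;
        *) echo "FAIL: $f mode is not 400 or 600"; findings=$((findings + 1)) ;;
    esac
    return $findings
}

# Run directly as: sh audit_forward.sh /root [owner]
if [ $# -gt 0 ]; then
    audit_root_mail "$1" "${2:-root}"
fi
```

The exit status is the number of findings, so the script can be dropped into a periodic job that only mails when it returns non-zero; on HP-UX the owner check should be run with `root` and, if you want Jeff's full root:sys requirement, extended with a group check on field 4 of the same `ls -ld` output.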
Bill Thorsteinson
Honored Contributor

Re: Why is root having a .forward file a "Big Security risk"

I missed mentioning that there are programs designed to extract and run commands from an incoming mail message. This provides an additional risk if this is run as root. These commands can be run without the knowledge of the user whose account is being used.
Bill Thorsteinson
Honored Contributor

Re: Why is root having a .forward file a "Big Security risk"

The risk is that commands can be run from the .forward without the intervention of a user. Similar risks apply to cron, smtp, and a variety of other programs, including tools used to maintain the system.

The risk depends on the privileges used when running the .forward script. Various techniques can be used to reduce the risk including never running it as root. It depends on the software running it. The same risks apply to the aliases file, but it may be looked at more often than a .forward file.

Tools that replace the files from a central repository on a periodic basis can reduce the risk, as can tools that scan the contents for invalid commands. smrsh can also reduce the risk by limiting the programs that can be run.
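Patrick's point that a .forward can run a script, Bill Hassell's suggestion to use the aliases file instead, and the smrsh remark above all come down to the same question: which entries in these files cause a program to run, and would smrsh permit it? The script below is an added example, not code from the thread or from the sendmail project. It assumes the smrsh program directory is passed as an argument (its location differs between sendmail builds) and that the file uses ordinary sendmail syntax: one target per line in .forward, `name: target, target` in aliases, `"|program args"` for program delivery, `:include:/path` for address lists, and `#` comments. A command line that itself contains a comma would be split incorrectly by this simple parser.

```shell
#!/bin/sh
# Added example (not from the thread): list the entries in a .forward or
# aliases file that make sendmail run a program or read further addresses from
# another file, and report which programs smrsh would permit. smrsh only runs
# programs whose basename exists in its program directory, so that directory
# is taken as an argument (assumption: path varies by sendmail build).

# mail_program_targets FILE -> one line per entry of the form
#   PROGRAM <command line>   or   INCLUDE <path>
mail_program_targets() {
    awk '
        { sub(/#.*/, "") }                            # strip comments
        /^[ \t]*$/ { next }                           # skip blank lines
        {
            rest = $0
            if (rest ~ /^[^:"|]+:/)                   # aliases-style "name:" prefix
                sub(/^[^:"|]+:/, "", rest)
            n = split(rest, ent, ",")                 # comma-separated targets
            for (i = 1; i <= n; i++) {
                e = ent[i]
                gsub(/^[ \t"]+|[ \t"]+$/, "", e)     # trim blanks and quotes
                if (e ~ /^\|/) {                      # "|program": program delivery
                    sub(/^\|[ \t]*/, "", e)
                    print "PROGRAM " e
                } else if (e ~ /^:include:/) {        # :include:path: more targets
                    sub(/^:include:/, "", e)
                    print "INCLUDE " e
                }
            }
        }' "$1"
}

# smrsh_check FILE SMRSH_DIR -> prints a verdict per entry and returns the
# number of program entries smrsh would refuse to run.
smrsh_check() {
    file=$1; dir=$2; blocked=0
    list=${TMPDIR:-/tmp}/targets.$$
    mail_program_targets "$file" > "$list"
    while read -r kind target; do
        case $kind in
        INCLUDE)
            echo "INCLUDE $target: addresses are read from this file at delivery time; audit it too"
            ;;
        PROGRAM)
            prog=${target%% *}          # first word is the program path
            base=${prog##*/}            # smrsh ignores the directory part
            if [ -x "$dir/$base" ]; then
                echo "ALLOWED $target ($dir/$base exists)"
            else
                echo "BLOCKED $target (no $dir/$base)"
                blocked=$((blocked + 1))
            fi
            ;;
        esac
    done < "$list"
    rm -f "$list"
    return $blocked
}

# Run directly as: sh forward_targets.sh /root/.forward /path/to/smrsh/dir
if [ $# -eq 2 ]; then
    smrsh_check "$1" "$2"
fi
```

Run it over both root's .forward and /etc/mail/aliases: a BLOCKED line means smrsh (if sendmail is built with it as the program mailer) would refuse that entry, and an ALLOWED line is one that still runs, so it is the one to look at when deciding whether the program belongs in the smrsh directory at all.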
RAC_1
Honored Contributor

Re: Why is root having a .forward file a "Big Security risk"

I would like to know what all such files there are. Where can I get info on that?

Like
.nslookuprc
.forward
.netrc

etc.
There is no substitute to HARDWORK
Steven E. Protter
Exalted Contributor

Re: Why is root having a .forward file a "Big Security risk"

root mail should be forwarded with the sendmail configuration.

It can be safely forwarded to a regular user with /etc/aliases entries.

This script, designed for Linux but quite usable, will let you customize the mail profile and safely route mail where you need it to go.

Not that .forward is a problem, so long as the permissions on the file or directory are 700

#!/bin/sh

# A script designed to rebuild all relevant mail databases after a configuration
# change.

newaliases                                    # rebuild the aliases database
cd /etc/mail || exit 1                        # stop here rather than run makemap in the wrong directory
makemap -r -v hash access.db < access
makemap -r -v hash domaintable.db < domaintable
makemap -r -v hash genericstable.db < genericstable
makemap -r -v hash mailertable.db < mailertable
makemap -r -v hash virtusertable.db < virtusertable
cp /etc/sendmail.cf /root                     # keep a copy of the previous sendmail.cf
m4 /etc/mail/sendmail.mc > /etc/sendmail.cf   # regenerate sendmail.cf from the m4 source

echo "You need to edit the sendmail.cf file for localhost et al"
sleep 3
vi /etc/sendmail.cf
/etc/init.d/sendmail restart


My manual mod is because I need to make a manual change to sendmail.cf to deal with some configuration idiosyncrasies on my servers.
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Steven E. Protter
Exalted Contributor

Re: Why is root having a .forward file a "Big Security risk"

Hey Jay, you got some great responses here. Hand out a point or two.

I like Bill Hassell's response best, next my own.

Pride of ownership.

Steve