
Re: [MiNT] Security



Hi Brian,

I'm using your Sharity light mail to answer your security question. :)

> Here's the layout:
> Vigor2200 USB ADSL Switcher.
> Falcon CT2b on EtherNEC (192.168.1.8)
> Windows XP Home Edition (192.168.1.10)

If your Falcon is on a local IP and connected to the internet via a NAT
firewall (in this case the ADSL switch), there's no way anyone from
outside can get access to your Falcon without you setting up a specific
port on the switch to go to a telnet or ssh server on the Falcon.

So the question of security boils down to the question of how much
_insecurity_ you want. Do you want to enable remote connections at all? If
so, do you want to give other users an account? It's probably possible to
set the permissions in the u:\ folder in a way that other users can't read
your drives just like you can restrict access to specific folders. (Of
course the permission system on TOS drives is a disaster from a Unix point
of view, but IIRC the rights of the drive-folders in u: are respected).

But are there people you trust enough to give them a real user account but
not enough to have (readonly) access to most of your harddisk? In that
case, you should store anything sensitive on the ext2 drives because they
have a real security mechanism.

By the way, not many people seem to know this, but you can configure su so
that only people in the root group can su to root. I just don't know how
to configure that, in kgmd it was the default. :)

MiNT is reasonably secure towards people without accounts. By that I mean
it's not more vulnerable to people hacking access without any prior rights
at all than most other OSes (AFAIK). Where MiNT really lacks security
compared to other Unices is in the security against malignant users WITH
an account. Any logged in user can hog all memory or CPU time to make the
machine unusable, or completely bypass most protection MiNT has by making
the right supervisor calls (not from the shell, they'd have to write a
program for that though). The bottom line is that you'd better not
use your Falcon as an ISP host, :) but it's perfectly usable to share your
machine's resources with friends.

Actually I'd trust my Falcon more than an XP box, because with the Falcon
I have control over its online activities. :)

Maurits.

-- 
 ,______________________________________________________________,
 |                 BassMent Productions - Freedom of creativity!|
 |______________________________________________________________|
 | Music productions - Projects - Internet presence - Webdesign |___
 |                     http://www.bassment.nu/                  |  |
 \______________________________________________________________/  |
                             |      http://www.muzikanten.nu/      |
                             | Het muzikantennetwerk van Nederland |
                             |_____________________________________|