From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from ms-smtp-01.southeast.rr.com ([24.93.67.82]) by speech.braille.uwo.ca with esmtp (Exim 3.35 #1 (Debian)) id 1A1KC6-0002FL-00 for ; Mon, 22 Sep 2003 02:29:10 -0400 Received: from localhost (cpe-069-132-009-002.carolina.rr.com [69.132.9.2]) by ms-smtp-01.southeast.rr.com (8.12.5/8.12.2) with SMTP id h8M6Lg0Q004560 for ; Mon, 22 Sep 2003 02:21:42 -0400 (EDT) Message-ID: <000501c380d2$d09ddd00$0100007f@carolina.rr.com> From: "Chris" To: Subject: Am i in danger? Date: Mon, 22 Sep 2003 02:29:02 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Sender: speakup-admin@braille.uwo.ca Errors-To: speakup-admin@braille.uwo.ca X-BeenThere: speakup@braille.uwo.ca X-Mailman-Version: 2.0.11 Precedence: bulk Reply-To: speakup@braille.uwo.ca List-Help: List-Post: List-Subscribe: , List-Id: Speakup is a screen review system for Linux. List-Unsubscribe: , List-Archive: Well, I know that some servers on Slackware are started literally as soon as installation is complete, like, sendmail being one of them... I have set a mount point as /win which points to my windows fat32 drive at which I can see the entire drive from there... There is a hell of a lot of sinsitive info on that drive... On my router, I do have port 21 ftp opoened, as under Windows, I do run an ftp server, which I have very cautiously configured so that well... 1... the whole world can't see my drive, and on top of that, I basicly only allow access to my Adventures in Odyssey collection, as well as my music collection which is now just over 4gb. I guess to get to my point of this mail: Because of me having port 21 opened for windows,and because of the fact that right now root has access to every file and every directory on /win which is on /dev/hda1 I'm wondering if that opens my hda drive for being jeopardized of someone hacking in through port 21 and seeing my drive and even possibly retreiving inappropriate data for them to be seeing... now granted, my theory is that in order for that to happen, the user would have to have the modification set to 6 on the whole directory thus, giving them total access, but, here's the thing: see: like i said, the person who helped me get everything up and going, forgot to put the mount point in my fstab file, so the only user right now that can even cd into /win regardless is root and that's literally it... So, I'm just wondering if that is going to open a security hole, and if so, how can I improve my security and prevent a molicious attack, or even worse, spreading of nonpublic data. Thank you for your time, efforts, and help... Chris.