egghelp.org community

Bytez · Op Joined: 11 Aug 2003 Posts: 168

Hey gang, I need some help regarding permissions and owners for my eggdrop. Recently, a tech changed the permissions and owners for my eggdrop files and folders because they thought it is insecure and vulnerable.
Shocked

Are the older versions vulnerable to backdoors/trojans?

This is what I saw on the bash history file:

rosc2112 · Posted: Tue Oct 03, 2006 10:16 pm Post subject:

I would assume that means they do not want eggdrop running. As far as the meaning of chmod's octals, try googling "chmod octals" and the usual permissions would be u+rwx g-rwx o-rwx

Bytez · Op Joined: 11 Aug 2003 Posts: 168

They do allow ircd and eggdrops, just the tech felt that the eggdrop might've caused trojans/backdoors on the server. Rolling Eyes

Those permissions are for every folder and file for eggdrop?

rosc2112 · Posted: Wed Oct 04, 2006 9:46 am Post subject:

Most of the perms would be u+rwx, for executables and directories. Text files only need +r (and maybe +w if you want to be able to edit them). If they chmod -R the whole directory, it would be easiest to just chmod -R u+rwx /home/server/eggdrop rather than go through each and every dir setting the perms.

And no I've never heard of any backdoors in eggdrop, although of course there are insecure settings and there are probably very bad scripts that would open up vulnerabilities. There's a section in the forum faq's about script security, and there are some notes in the sample eggdrop config file about security. But, this is pretty much common-sense shell security stuff. If you're really paranoid, run the bot in a chroot jail.

nml375 · Revered One Joined: 04 Aug 2006 Posts: 2857

I would however strongly suggest you upgrade from .15 to current (.18 ), a few nasty bugs were plugged since then. Also, this would probably be the easiest way of restoring all file permissions to their supposed values.

I must agree with rosc that there are no backdoors or trojans in eggdrop (of course assuming you download it from a trusted source). Of course, since it is a software that allows remote execution with some configurations, there is a possibility that a malicious person might try to use it in order to launch unauthorized code on your system.
However, none of the configurations required for remote execution is enabled in the dist config-file (both .set and .tcl are disabled, and would require owner or permowner privileges to be used). This said, there might be exploits or exploitable bugs in 3rd party scripts that could lead to remote execution, as eggdrop does support scripting...

In a security viewpoint, an eggdrop could possibly only compromize the account it runs under (and it will not run as root). I'd considder a webserver allowing users to post their own php's or cgi's to be atleast an equal security risk.
_________________
NML_375, idling at #eggdrop@IrcNET

De Kus · Posted: Tue Oct 17, 2006 1:20 pm Post subject:

he cant undo a chown to a diffrent username than himself without having access to the new username or root.
_________________
De Kus
StarZ|De_Kus, De_Kus or DeKus on IRC
Copyright © 2005-2009 by De Kus - published under The MIT License
Love hurts, love strengthens...