From: David Mercer <Radix42@Cox.Net>
Date: Thu, 28 Nov 2002 16:02:04 -0700
Subject: [e-lang] Your passwd file (was "Capability Myths Demolished")

>rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/bin/false
>(Hopefully I haven't opened my system up to attack by publishing this;
>if so please let me know, and perhaps we can remove this message from
>the archives!)

Well, you've revealed which user accounts have valid shells  (hal, 
root and gdm), that you are most likely running some flavor of linux 
('x' in the password field indicating it's actual hash is in a shadow 
password system, whereas a BSD would have a '*' there in that 
case....but that could be a commercial Unix of a few flavors, but 
combining it with the fact that it also contains users without 
homedirs at all tilts it towards linux...but an attacker could find 
that out from other means very easily).

Revealing the fact that a username of 'hal' exists on your box is no 
shocker,  but the fact that one need not pussyfoot around brute 
forcing others would be useful knowledge, and the fact that you don't 
have valid shells foolishly set for service accounts would save an 
attacker from wasting more time there too.

But your mail headers reveal perhaps more useful info anyway (your IP 
of is running sendmail 8.11.6).   Now, most people will 
say 'but the version is always announced'...and I'm not advocating 
security through obscurity, but postfix now defaults to NOT listing a 
version in smtp banners,
as Wietse also believes in making those bastard script kiddies waste 
as much of their time as possible, while sendmail still defaults to 
showing it (I don't even know where its knob to turn that off IS, if 
it has one).

So no, IMHO,  you didn't reveal anything catastrophic :-)
David Mercer
Tucson, AZ
e-lang mailing list