Bugtraq mailing list archives
Re: Fix for Linux/AIX login hole
From: perry () imsi com (Perry E. Metzger)
Date: Tue, 24 May 1994 07:27:21 -0400
H Morrow Long says:
Of course this is no substitute for the IBM emergency patch which should be installed as well. I do recommend removing the ability to rlogin to a root account. There is no valid reason for root to be able to rlogin (well there might be a few but they are not as powerful as the arguments against). /bin/su is the preferred method of becoming root and you can still telnet in and login on the console as root (I would encourage you to turn off the ability to telnet in and login as root as well, but...).
And what happens one morning when NIS stops working, or NFS starts hanging, and you cannot log in as any user BUT root? Yes, this happens. Of course, the real answer is to kerberize all access to your machine, but... Perry
Current thread:
- Re: Fix for Linux/AIX login hole Serge J. Goldstein (May 23)
- Re: Fix for Linux/AIX login hole Doug McLaren (May 23)
- <Possible follow-ups>
- Re: Fix for Linux/AIX login hole Doug Siebert (May 23)
- Re: Fix for Linux/AIX login hole Christopher Klaus (May 23)
- Re: Fix for Linux/AIX login hole H Morrow Long (May 23)
- Re: Fix for Linux/AIX login hole Perry E. Metzger (May 24)
- Re: Fix for Linux/AIX login hole George Boyce (May 24)
- Re: Fix for Linux/AIX login hole Perry E. Metzger (May 24)
- Re: Fix for Linux/AIX login hole Perry E. Metzger (May 24)