Bugtraq mailing list archives
Re: ruserok() & /etc/hosts.equiv
From: dan () pasteur fr (Daniel Azuelos)
Date: Sat, 14 May 1994 08:39:32 +0200 (MET DST)
About the 'hosts.equiv' functionality: | >A '+' is supposed to allow any user from any host, and it doesn't. | > | > | >A '+' in my hosts.equiv file makes the routine return -1, regardless of | >..rhosts. While this is more secure than the expected behavior, I don't | >consider it correct behavior. Then again, really correct behavior wouldn't | >include calling this function in the first place. Sun still distribute 4.1.3_U1 with a '/etc/hosts.equiv' containing a '+'. And this authorize access from *any* host! -- dan
Current thread:
- Re: AIX rlogind, (continued)
- Re: AIX rlogind Paul A Vixie (May 23)
- Fix for Linux/AIX login hole Karyn Pichnarczyk (May 23)
- Re: Fix for Linux/AIX login hole Rens Troost (May 23)
- Re: AIX rlogind Bonfield James (May 24)
- Fix for Linux/AIX login hole Doug McLaren (May 22)
- Re: Fix for Linux/AIX login hole Tony Jago (May 23)
- Re: AIX rlogind Wietse Venema (May 23)
- AIX Fix Mark Fullmer (May 22)
- various rlogind stuff, plus new telnetd stuff (was Re: AIX rlogind) matthew green (May 22)
- Re: AIX rlogind Peter Wemm (May 22)