Bugtraq mailing list archives
Re: Security Info (root broken)
From: pug () arlut utexas edu (Pug)
Date: Thu, 29 Sep 1994 17:43:27 -0600 (CDT)
That is a point that is also going into the summary. Its a shame, because the r commands are useful at times.We have made it so we can use r commands with the password verification (ie. rlogin) turned on. We did this by getting the source to login and commenting out the call to see if it's a legitimate remote user. This bypasses the /etc/hosts.equiv and ~/.rhosts check. Unfortunately if you want /etc/hosts.equiv without ~/.rhosts, you have to modify the library call ruserok().Thats a thought. It precludes using them in any automated scripts, though.
You're correct. We are working on a more secure way to do this. Another alternative would be to run tcp_wrapper around them. This means you would have to trust certain hosts, but it's better than nothing. Ciao, -- Richard Bainter Mundanely | System Analyst - OMG/CSD Pug Generally | Applied Research Labs - U.Texas pug () arlut utexas edu | pug () bga com Note: The views may not reflect my employers, or even my own for that matter.
Current thread:
- Re: Security Info (root broken) pluvius (Sep 29)
- <Possible follow-ups>
- Re: Security Info (root broken) Mark Graff (Sep 29)
- Re: Security Info (root broken) Pug (Sep 29)