Bugtraq mailing list archives
Re: SOLARIS/CDE/DT cover up : dtspcd
From: jon () XiG com (Jon Trulson)
Date: Thu, 5 Jun 1997 12:01:07 -0600
On Thu, 5 Jun 1997, Anthony C. Zboralski wrote:
Date: Thu, 5 Jun 1997 05:37:48 +0200 From: "Anthony C. Zboralski" <anthony () SCT FR> To: BUGTRAQ () NETSPACE ORG Subject: SOLARIS/CDE/DT cover up : dtspcd Have you ever heard of the CDE Subprocess Control daemon.. dtspc 6112/tcp Well i don't really like dt, it is slow and the only window manager i like is Afterstep.. but one day when i logged on sol251.chump.flakes.org.. it was running DT and there was this ugly application manager.. you got In the folder "Desktop Tools", i found this Xterm remote, terminal remote icons.. One of them corresponded to xterm_dtspcd.. I launched it and, oh well, it requested a remote hostname.. i entered one that was on the same subnet... and it logged me in without asking for a password even though .rhosts and hosts.equiv were supposed to be restricted.. i looked around and found the guilty program: /usr/dt/bin/dtspcd aka CDE Subprocess Control daemon.. and it was enabled by default in inetd.conf...
Hmmm. Are you reporting this as a security problem? dtspc doesn't use hosts.equiv or rhosts... It uses X11 authentication (~/.Xauthority)... If your home directory is the same on both machines (ie nfs shared) then this behavior is normal, since .Xauthority's contents will also be the same on both machines... If this is not the case, then more information on your environment would be useful... -- Jon Trulson work: mailto:jon () xig com, home: mailto:jon () radscan com Xi Graphics, http://www.xig.com ID: 1A9A2B09, FP: C23F328A721264E7 B6188192EC733962 PGP keys at finger:trulson () shell rmi net or http://home.rmi.net/~jon #include <stddisclaimer.h> FREE MARS!
Current thread:
- SOLARIS/CDE/DT cover up : dtspcd Anthony C. Zboralski (Jun 04)
- Re: SOLARIS/CDE/DT cover up : dtspcd Jon Trulson (Jun 05)