Bugtraq mailing list archives
Re: ruserok() & /etc/hosts.equiv
From: walkera () druggist gg caltech edu (Walker Aumann)
Date: Mon, 02 May 1994 21:28:35 PDT
Big Bad Jon <jsz () netsys com> responds:
> Define what you meant by ``ruserok denies access'' --
A '+' is supposed to allow any user from any host, and it doesn't.
> As far as I can tell, the ruserok() function, which is defined in the rcmd.o module of libc, returns a ``0'' if the machine name is listed in the ``hosts.equiv'' file or the host and remote user name are found in the ``.rhosts'' file; otherwise it just returns a ``-1'', so having a ``+'' in /etc/hosts.equiv means that ruserok in fact does NOT deny access.
A '+' in my hosts.equiv file makes the routine return -1, regardless of .rhosts. While this is more secure than the expected behavior, I don't consider it correct behavior. Then again, really correct behavior wouldn't include calling this function in the first place.
Walker
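The two posters disagree about what a '+' entry does on a given libc, so an administrator is better served by finding such entries than by relying on how ruserok() happens to treat them. The following is an added example, not code from the thread or from any libc; it assumes the common `host [user]` line layout with `#` comments, and the sample file contents and host names are constructed.

```python
# Added example: flag wildcard trust entries in hosts.equiv / .rhosts text.
# Assumed layout: one "<host> [<user>]" entry per line, '#' starts a comment.

def classify(line):
    """Return a description of a risky entry, or None if the line is benign."""
    fields = line.split("#", 1)[0].split()
    if not fields:
        return None                      # blank line or comment only
    host = fields[0]
    user = fields[1] if len(fields) > 1 else None
    if host == "+" and user == "+":
        return "any user from any host"
    if host == "+":
        return "any host"
    if user == "+":
        return "any user from " + host
    if host.startswith("+@") or (user is not None and user.startswith("+@")):
        return "netgroup-wide trust"
    return None                          # named host, or a '-' deny entry

def audit(text, source):
    """Return (source, line number, raw entry, verdict) for each risky line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        verdict = classify(line)
        if verdict:
            findings.append((source, lineno, line.strip(), verdict))
    return findings

# Constructed sample contents, not taken from any real system.
SAMPLE_HOSTS_EQUIV = """\
# trusted build hosts
buildhost.example.org
+
-oldhost.example.org
fileserver.example.org +
+@labmachines
"""

if __name__ == "__main__":
    for src, n, raw, verdict in audit(SAMPLE_HOSTS_EQUIV, "/etc/hosts.equiv"):
        print(f"{src}:{n}: {raw!r} -> {verdict}")
```
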