Bugtraq mailing list archives

ruserok() & /etc/hosts.equiv

From: walkera () gg caltech edu (Walker Aumann)
Date: Mon, 02 May 1994 10:17:28 PDT


I ran over something last week while playing around with our Suns (4.1.3),
and thought I'd pass it on to you while it makes its way through Sun.

ruserok() denies access if /etc/hosts.equiv contains a line with only a '+'.
This seems like a Good Thing to me, even though it's not expected behaviour,
but it makes me wonder about rlogin, rcp, and rsh, since they still seem to
work correctly (i.e., they let anyone who wants to walk all over your machine).

Walker

Current thread:

Re: FIRST and CERT Perry E. Metzger (May 02)
- Re: FIRST and CERT Gene Spafford (May 02)
  - Re: FIRST and CERT Scott Chasin (May 02)
  - Re: FIRST and CERT saouli () math ethz ch (May 02)
- ruserok() & /etc/hosts.equiv Walker Aumann (May 02)
  - Re: ruserok() & /etc/hosts.equiv Big Bad Jon (May 02)
    - Re: ruserok() & /etc/hosts.equiv Walker Aumann (May 02)
    - Debate interuption - New firewalls book RayK (May 03)
- Re: FIRST and CERT Eric Brunson (May 02)
- <Possible follow-ups>
- Re: FIRST and CERT John Larson (May 02)