Bugtraq mailing list archives

Re: r commands


From: Fred_Kuhns () npg wustl edu (Fred Kuhns)
Date: Tue, 18 Oct 1994 08:51:15 -0500 (CDT)


Aleph One writes:


  Well guess I'll just pitch in my two cents. If you don't allow
users to set up their own .rhosts files, or you disable them
completely, then you lose what makes the r commands so wanted
by people.... transparency. They like them because they don't have

Agreed.

to type a user name and passwd to log into other machines. Now if
this disappears then rlogin is a beefed up telnet. Therefore you must
a) Allow your users to use them and simply drop all incoming packets
to any ports where the r daemons hang at the router. or b) don't allow
them at all.

c) get the source (like logdaemon from Wietse Venema or BSD sources) and
modify.  For example disallow .rhosts but allow the use of hosts.equiv,
this way a set of trusted hosts can be defined which allow the r-commands
to do their thing.  It would also be a good idea to ensure common/unique
user and group ids across all trusted hosts - logdaemon does this.
Alternatively, define a set of users and host pairs which will be
allowed unauthenticated access and have the r-commands check this acl.

fred
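
The last alternative in the reply above, an ACL of user and host pairs that the r-command daemons consult instead of .rhosts, sketched as an added example (not code from the original post, logdaemon or the BSD sources). The file format, the function name acl_permits and the sample entries are assumptions, and the caller is assumed to pass a remote hostname it has already verified.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed sample ACL: one "host user" pair per line, '#' starts a comment. */
static const char SAMPLE_ACL[] =
    "# host            user\n"
    "alpha.example.org fred\n"
    "beta.example.org  alice\n"
    "+ +\n";                 /* hosts.equiv-style wildcard: must never match */

/* Return 1 only when (rhost, ruser) is listed as an exact pair.
 * Default is deny. Host-only lines, lines with extra fields, overlong
 * lines and hosts.equiv syntax ("+", "-", "@netgroup") are ignored,
 * so a stray wildcard cannot open the host to everyone. */
int acl_permits(const char *acl_text, const char *rhost, const char *ruser)
{
    char line[256], host[128], user[64], extra[2];
    const char *p = acl_text;

    if (!acl_text || !rhost || !ruser || !*rhost || !*ruser)
        return 0;
    while (*p) {
        size_t n = strcspn(p, "\n");
        const char *start = p;
        p += n + (p[n] == '\n');             /* step past this line */
        if (n >= sizeof line)
            continue;                        /* skip rather than match a truncated line */
        memcpy(line, start, n);
        line[n] = '\0';
        line[strcspn(line, "#")] = '\0';     /* strip trailing comment */
        if (sscanf(line, "%127s %63s %1s", host, user, extra) != 2)
            continue;                        /* need exactly two fields */
        if (strchr("+-@", host[0]) || strchr("+-@", user[0]))
            continue;                        /* no wildcards or netgroups */
        if (strcasecmp(host, rhost) == 0 && strcmp(user, ruser) == 0)
            return 1;                        /* hostnames compare case-insensitively */
    }
    return 0;
}

int main(void)
{
    printf("alpha/fred  -> %d\n", acl_permits(SAMPLE_ACL, "alpha.example.org", "fred"));
    printf("alpha/alice -> %d\n", acl_permits(SAMPLE_ACL, "alpha.example.org", "alice"));
    return 0;
}
```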


