Bugtraq mailing list archives
Re: r commands
From: dennisg () sickly cybersafe com (Dennis Glatting)
Date: Tue, 18 Oct 94 10:15:46 -0700
Well, guess I'll just pitch in my two cents. If you don't allow users to set up their own .rhosts files, or you disable them completely, then you lose what makes the r commands so wanted by people... transparency. They like them because they don't have to type a user name and passwd to log into other machines. Now if this disappears then rlogin is a beefed up telnet. Therefore you must a) allow your users to use them and simply drop all incoming packets to any ports where the r daemons hang at the router, or b) don't allow them at all.
In a university setting a) is probably fine while a business would probably go with b).
I remember an article where Bill Joy said "the r utilities were just a hack until the telnet and ftp protocols are formalized". The article continued "they escaped from the lab." As a system administrator I can tell you the r utilities are a major source of security holes, particularly the .rhosts file. As a developer, I can tell you the r utility source and cross platform issues suck. If you got'm, don't smoke'm. -dpg