Re: AIX rlogind

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Kevin Driscoll: "Re: Generating a true random number?"
• Previous message: Rob Quinn: "Re: Generating a true random number?"
• In reply to: Graham Toal: "Re: AIX rlogind"

>: I've just checked DEC OSF/1 V2.0. This seems to be partially ok. The -froot
>: method won't work (I get complaints about -r, -o, and -t being unknown options
>: which implies its -f option doesn't take an argument). However the -h trick is
>: still available (but is obviously less severe).
>
>I'm not sure it is less severe.  Can't it be used for host spoofing
>when using rlogin - just set up a user of the appropriate name on your
>own host and rlogin -l -htrusted.host ???  (I haven't been able to test
>this yet because I don't have any untrusted hosts handy that can get
>through the log_tcp blocking!)

i believe it is only able to fool utmp/wtmp type things.
using the ``-l -htrusted.host'' hack trashes the -remote-
username you would normally pass.

i may be wrong.

• Next message: Kevin Driscoll: "Re: Generating a true random number?"
• Previous message: Rob Quinn: "Re: Generating a true random number?"
• In reply to: Graham Toal: "Re: AIX rlogind"