Re: Security Info (root broken)

Casper Dik (casper@fwi.uva.nl)
Thu, 29 Sep 1994 16:33:38 +0100

>> >>>>> On Thu, 29 Sep 1994 07:04:44 -0600 (CDT), Pug <pug@arlut.utexas.edu> said:
>As I remember the race condition, you don't have a problem if you don't
>allow the 'r' commands into your system. The race condition created a
>.rhosts file for accounts that had UID 0, but no existing .rhosts file.
>I can't find my copy of the exploit anymore to be certain. As well, you
>had to start on the system, so it wasn't that much of an external job
>anyway.

This is one of the problems with exploit scripts: the scripts use
.rhosts as one file to create for a user.  Now this particular file
has a certain interpretation that makes it dangerous.

However, there are many more files that when created will cause problems.

Besides, I believe that this is not the bug at issue.  A newer bug
was found by and alluded to on Usenet by Joerg Czeranski.

No patch has been made yet by Sun, even though it has been more
than two months.

>I see allowing 'r' commands into your installation as a Bad Thing anyway.

If you allow it locally (in a non-secure NFS environment) it is a *good*
thing, as long as you restrict it.  It gives snoopers much less chance of
getting lots of local passwords.

Casper