Re: Security Info (root broken)

Pug (pug@arlut.utexas.edu)
Thu, 29 Sep 1994 17:43:27 -0600 (CDT)

> > > That is a point that is also going into the summary.  It's a shame, because
> > > the r commands are useful at times.
> > We have made it so we can use r commands with the password verification
> > (i.e. rlogin) turned on. We did this by getting the source to login and
> > commenting out the call to see if it's a legitimate remote user. This
> > bypasses the /etc/hosts.equiv and ~/.rhosts check. Unfortunately if
> > you want /etc/hosts.equiv without ~/.rhosts, you have to modify the
> > library call ruserok().
> That's a thought.  It precludes using them in any automated scripts, though.

You're correct. We are working on a more secure way to do this. Another
alternative would be to run tcp_wrapper around them. This means you
would have to trust certain hosts, but it's better than nothing.

Ciao,

-- 
Richard Bainter          Mundanely     |    System Analyst        - OMG/CSD
Pug                      Generally     |    Applied Research Labs - U.Texas
          pug@arlut.utexas.edu         |    pug@bga.com
Note: The views may not reflect my employer's, or even my own for that matter.
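
An added example, not part of the original message: a small audit for the tcp_wrapper approach mentioned above, reporting which r services in inetd.conf are actually started through tcpd and which client patterns hosts.allow trusts for them. The file contents, host names and daemon paths are constructed samples, and the hosts.allow parsing is simplified (no continuation lines, EXCEPT or shell-command options).

```python
import os
import re

R_SERVICES = {"shell", "login", "exec"}  # rsh/rcp, rlogin, rexec in /etc/services

# Constructed sample files (hypothetical hosts), not from the original message.
INETD_CONF = """\
ftp    stream tcp nowait root /usr/sbin/tcpd     in.ftpd
shell  stream tcp nowait root /usr/sbin/in.rshd  in.rshd
login  stream tcp nowait root /usr/sbin/tcpd     in.rlogind
#exec  stream tcp nowait root /usr/sbin/in.rexecd in.rexecd
"""
HOSTS_ALLOW = """\
# daemon_list : client_list
in.rlogind, in.rshd : admin1.example.edu, 192.0.2.
in.ftpd : ALL
"""

def strip_comment(line):
    """Drop a trailing '#' comment and surrounding whitespace."""
    return line.split("#", 1)[0].strip()

def trusted_hosts(hosts_allow, daemon):
    """Client patterns that hosts.allow lets reach `daemon`."""
    clients = []
    for line in map(strip_comment, hosts_allow.splitlines()):
        parts = line.split(":")
        if len(parts) < 2:
            continue
        daemons = re.split(r"[,\s]+", parts[0].strip())
        if daemon in daemons or "ALL" in daemons:
            clients += re.split(r"[,\s]+", parts[1].strip())
    return clients

def audit(inetd_conf, hosts_allow):
    """Map each enabled r service to (wrapped?, daemon, trusted client patterns)."""
    report = {}
    for line in map(strip_comment, inetd_conf.splitlines()):
        fields = line.split()
        if len(fields) < 7 or fields[0] not in R_SERVICES:
            continue
        wrapped = os.path.basename(fields[5]) == "tcpd"  # server program field
        daemon = os.path.basename(fields[6])             # argv[0] handed to tcpd
        hosts = trusted_hosts(hosts_allow, daemon) if wrapped else []
        report[fields[0]] = (wrapped, daemon, hosts)
    return report

if __name__ == "__main__":
    for svc, (wrapped, daemon, hosts) in audit(INETD_CONF, HOSTS_ALLOW).items():
        print(svc, daemon, "wrapped" if wrapped else "NOT wrapped", hosts)
```

An empty host list for a wrapped service does not mean it is closed: tcpd grants access when neither hosts.allow nor hosts.deny matches, so a default-deny entry in hosts.deny is still needed.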