Bugtraq mailing list archives
Re: ruserok() & /etc/hosts.equiv
From: jsz () netsys com (Big Bad Jon)
Date: Mon, 2 May 1994 13:53:10 -0700 (PDT)
Walker Aumann has said
I ran over something last week while playing around with our Suns (4.1.3), and thought I'd pass it on to you while it makes its way through Sun. ruserok() denies access if /etc/hosts.equiv contains a line with only a '+'. This seems like a Good Thing to me, even though it's not expected behaviour, but it makes me wonder about rlogin, rcp, and rsh, since they still seem to work correctly (i.e., they let anyone who wants to walk all over your machine). Walker
Define what you meant by ``ruserok denies access'' -- As far as I can tell, ruserok() function, which is defined in rcmd.o module of libc returns a ``0'' if the machine name is listed in the ``hosts.equiv'' file or the host and remote user name are found in the ``.rhosts'' file; Otherwise it just returns a ``-1'', so having a ``+'' in /etc/hosts.equiv means that ruserok in fact does NOT deny access. Actually, you might want to modify rcmd.o to *always* deny, because aside of that it's being broken (doesn't check permission of .rhosts or, /etc/hosts.equiv) it's also vulnerable to source routing, or any kind of DNS games -- after all it uses gethostbyaddr(3N) to determine whether or not you're coming from a *trusted* site. --- Jonathan jsz () netsys com
Current thread:
- Re: FIRST and CERT Perry E. Metzger (May 02)
- Re: FIRST and CERT Gene Spafford (May 02)
- Re: FIRST and CERT Scott Chasin (May 02)
- Re: FIRST and CERT saouli () math ethz ch (May 02)
- ruserok() & /etc/hosts.equiv Walker Aumann (May 02)
- Re: ruserok() & /etc/hosts.equiv Big Bad Jon (May 02)
- Re: ruserok() & /etc/hosts.equiv Walker Aumann (May 02)
- Debate interuption - New firewalls book RayK (May 03)
- Re: ruserok() & /etc/hosts.equiv Big Bad Jon (May 02)
- Re: FIRST and CERT Eric Brunson (May 02)
- <Possible follow-ups>
- Re: FIRST and CERT John Larson (May 02)
- Re: FIRST and CERT Gene Spafford (May 02)