Bugtraq mailing list archives
Re: ruserok() & /etc/hosts.equiv
From: ccdes () ccdes princeton nj us (Carl Corey)
Date: Tue, 3 May 1994 12:31:19 -0500
At 8:26 AM 5/3/94 -0700, Walker Aumann wrote:
I agree that it's a reasonable thing to be broken, but it should be documented, and where is the version of ruserok that rcp, rsh, rlogin use, since none of those programs are broken?
Try rsh'ing into an account that doesn't have a .rhosts while there is a + in hosts.equiv. Does this work? Maybe Sun broke ruserok() to ignore the hosts.equiv file because it has no real usage. If ruserok() doesn't work in a sample c program (checking to see if hello.world.com is allowed in, etc) then, at least I thought, that it wouldn't work in a larger program such as the 'r' commands. Unless they use some other method of authentication in addition to ruserok(). Maybe I'll dig up my net/2 sources and check out that version of ruserok(). Be sure to try it with a valid host name too. Get back to me on this.
Current thread:
- Re: ruserok() & /etc/hosts.equiv Carl Corey (May 03)
- <Possible follow-ups>
- Re: ruserok() & /etc/hosts.equiv Carl Corey (May 03)
- Re: ruserok() & /etc/hosts.equiv Walker Aumann (May 03)
- Re: ruserok() & /etc/hosts.equiv Uwe Ellermann (May 04)
- Re: ruserok() & /etc/hosts.equiv Wietse Venema (May 21)
- AIX rlogind peter () freedom nmsu edu (May 21)
- Re: AIX rlogind Peter Wemm (May 21)
- Re: AIX rlogind Kevin Johnson (May 22)
- Re: AIX rlogind Casper Dik (May 22)
- Re: AIX rlogind Kevin Johnson (May 22)
- Re: AIX rlogind Casper Dik (May 22)
- Re: AIX rlogind Peter Wemm (May 22)