Bugtraq mailing list archives

Re: ruserok() & /etc/hosts.equiv


From: ccdes () ccdes princeton nj us (Carl Corey)
Date: Tue, 3 May 1994 12:31:19 -0500


At 8:26 AM 5/3/94 -0700, Walker Aumann wrote:
> I agree that it's a reasonable thing to be broken, but it should be documented,
> and where is the version of ruserok that rcp, rsh, rlogin use, since none of
> those programs are broken?

Try rsh'ing into an account that doesn't have a .rhosts while there is a +
in hosts.equiv.  Does this work?  Maybe Sun broke ruserok() to ignore the
hosts.equiv file because it has no real usage.  If ruserok() doesn't work
in a sample C program (checking to see if hello.world.com is allowed in,
etc.) then, at least I thought, it wouldn't work in a larger program
such as the 'r' commands.  Unless they use some other method of
authentication in addition to ruserok().  Maybe I'll dig up my net/2
sources and check out that version of ruserok().  Be sure to try it with a
valid host name too.  Get back to me on this.
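
An audit helper for the situation discussed in this thread (a lone + in hosts.equiv), added here as an example and not part of the original message or of any ruserok() source. It classifies hosts.equiv/.rhosts lines and counts the entries that trust every host. The function names, enum names and sample file contents are constructed for illustration, and the entry syntax is assumed to be the common BSD-style one ("+", "+ +", "+@netgroup", "-host", "#" comments), which individual implementations may parse differently.

```c
#include <stdio.h>
#include <string.h>

/* Kinds of trust entry; these names are this example's own, not a libc API. */
enum trust { T_IGNORED, T_DENY, T_HOST, T_NETGROUP, T_ANY_HOST, T_ANY_HOST_ANY_USER };

/* Classify one "host [user]" line from hosts.equiv or .rhosts. */
enum trust classify_equiv_line(const char *line)
{
    char host[256] = "", user[256] = "";
    int n = sscanf(line, "%255s %255s", host, user); /* whitespace-separated fields */
    if (n < 1 || host[0] == '#')
        return T_IGNORED;                  /* blank line or comment (assumed syntax) */
    if (host[0] == '-')
        return T_DENY;                     /* explicit negative entry */
    if (strcmp(host, "+") == 0)            /* bare "+" matches every remote host */
        return (n == 2 && strcmp(user, "+") == 0) ? T_ANY_HOST_ANY_USER : T_ANY_HOST;
    if (strncmp(host, "+@", 2) == 0)
        return T_NETGROUP;                 /* trust scoped to a netgroup */
    return T_HOST;                         /* a single named host */
}

/* Count the lines of a whole file image that extend trust to every host. */
int count_any_host_entries(const char *text)
{
    int hits = 0;
    while (*text) {
        char line[512];
        size_t len = strcspn(text, "\n");
        size_t copy = len < sizeof line - 1 ? len : sizeof line - 1;
        memcpy(line, text, copy);
        line[copy] = '\0';
        enum trust t = classify_equiv_line(line);
        if (t == T_ANY_HOST || t == T_ANY_HOST_ANY_USER)
            hits++;
        text += len + (text[len] == '\n'); /* step past the newline if present */
    }
    return hits;
}

/* Constructed sample file contents, not taken from the thread. */
static const char SAMPLE_EQUIV[] =
    "# constructed sample\n"
    "trusted.example.com\n"
    "+@admins\n"
    "-badhost.example.com\n"
    "+\n"
    "+ +\n";

int main(void) { printf("%d\n", count_any_host_entries(SAMPLE_EQUIV)); return 0; }
```

This inspects file contents only; whether a given ruserok() honours such entries is the question the thread is asking.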


