Bugtraq mailing list archives

Re: ruserok() & /etc/hosts.equiv

From: dan () pasteur fr (Daniel Azuelos)
Date: Sat, 14 May 1994 08:39:32 +0200 (MET DST)


About the 'hosts.equiv' functionality:

| >A '+' is supposed to allow any user from any host, and it doesn't.
| >
| >
| >A '+' in my hosts.equiv file makes the routine return -1, regardless of
| >..rhosts.  While this is more secure than the expected behavior, I don't
| >consider it correct behavior.  Then again, really correct behavior wouldn't
| >include calling this function in the first place.

Sun still distribute 4.1.3_U1 with a '/etc/hosts.equiv'
containing a '+'. And this authorize access from *any* host!

-- 
dan

Current thread:

Re: AIX rlogind, (continued)
- - - Re: AIX rlogind Paul A Vixie (May 23)
    - Fix for Linux/AIX login hole Karyn Pichnarczyk (May 23)
    - Re: Fix for Linux/AIX login hole Rens Troost (May 23)
    - Re: AIX rlogind Bonfield James (May 24)
    - Fix for Linux/AIX login hole Doug McLaren (May 22)
    - Re: Fix for Linux/AIX login hole Tony Jago (May 23)
    - Re: AIX rlogind Wietse Venema (May 23)
    - AIX Fix Mark Fullmer (May 22)
    - various rlogind stuff, plus new telnetd stuff (was Re: AIX rlogind) matthew green (May 22)
    - Re: AIX rlogind Peter Wemm (May 22)
- Re: ruserok() & /etc/hosts.equiv Daniel Azuelos (May 13)
- Re: ruserok() & /etc/hosts.equiv Carl Corey (May 20)