Bugtraq mailing list archives

Re: Internet Worm (fwd)


From: nick () zeta org au (Nick Andrew)
Date: Sat, 15 Oct 1994 23:58:48 +1000 (EST)


G'day James,

Forwarding a message from James Seng:
> Anyway, what I did on my system is put a .rhosts file in every user
> directory. chmod 000 .rhosts and chown root .rhosts. Not all users need
> a .rhosts file. Those who want to use them email me and I will chown back
> to them. (any problem with that? :-)

It's a good try, but insufficient to prevent users from opening a hole
in their account. The user can 'rm -f' the file or rename it unless you
also turn on the sticky bit in their directory. If you do that they can
chmod the directory - which means you have to chown the directory to
root. Now the user cannot write to the directory, so you have to put each
user in a distinct group, and give write permission to the group on the
directory. It sounds like a lot of hard work to me.

Better to change the location of the .rhosts file to something which
the user cannot edit, say /etc/rhosts/username and enforce all changes
to be done by root. I can change the location of the .rhosts file in
Linux by editing libc-linux/inet/rcmd.c, function ruserok() and linking
that into the C shared library. It is good to have the source code :-)

Nick.
-- 
Kralizec Dialup Unix (Public Access)    Data: +61-2-837-1183, 837-1868
Zeta Microcomputer Software             v.42bis v.32bis 14.4k 24 hours
P.O. Box 177, Riverstone NSW 2765       Telnet kralizec;login guest for info
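
The permission reasoning in the reply above, as an added example that is not part of the original message: whether a user can remove or rename a root-owned trust file depends on the parent directory, not on the file's own mode. The names `replace_reason` and `audit`, the uid/gid 1000 and the stat values are constructed for illustration; ACLs and capabilities are ignored.

```python
import os
import stat
from collections import namedtuple

# Stand-in for os.stat_result so constructed cases run without root or real files.
St = namedtuple("St", "st_mode st_uid st_gid")

def replace_reason(file_st, dir_st, uid, gids):
    """Why `uid` (with group ids `gids`) can unlink/rename the file, or None."""
    if uid == 0:
        return "is root"
    if dir_st.st_uid == uid:
        # The directory owner can chmod it: restore write access, clear sticky.
        return "owns directory"
    mode = dir_st.st_mode
    if dir_st.st_gid in gids:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    if (mode & need) != need:
        return None  # no write+search on the directory: entries cannot change
    if (mode & stat.S_ISVTX) and file_st.st_uid != uid:
        return None  # sticky directory: only the file's owner may unlink it
    return "directory writable"

def audit(path, uid, gids):
    """Apply the check to a real trust file and its parent directory."""
    parent = os.path.dirname(os.path.abspath(path))
    return replace_reason(os.lstat(path), os.lstat(parent), uid, gids)

# Constructed cases: user uid/gid 1000, trust file owned by root with mode 000.
ROOT_FILE = St(stat.S_IFREG | 0o000, 0, 0)
CASES = {
    "root-owned .rhosts in user's home": St(stat.S_IFDIR | 0o755, 1000, 1000),
    "same, sticky bit set":              St(stat.S_IFDIR | 0o1755, 1000, 1000),
    "home chowned to root, group write": St(stat.S_IFDIR | 0o775, 0, 1000),
    "same, plus sticky bit":             St(stat.S_IFDIR | 0o1775, 0, 1000),
    "/etc/rhosts/ owned by root":        St(stat.S_IFDIR | 0o755, 0, 0),
}

def run_cases():
    return {name: replace_reason(ROOT_FILE, d, 1000, {1000})
            for name, d in CASES.items()}

if __name__ == "__main__":
    for name, reason in run_cases().items():
        print(f"{name:36} -> {reason or 'protected'}")
```

Only the last two layouts leave the file out of the user's reach, and the sticky-bit variant needs a private group per user, while the root-owned /etc/rhosts/ directory does not.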


