Bugtraq mailing list archives

Re: Internet Worm

From: strat () ksu ksu edu (Steve Davis)
Date: Mon, 17 Oct 1994 06:38:33 -0500


Various methods of making users' and administrators' lives a pain
deleted.

Brett Lymn writes:

This should stop the user creating a .rhosts file as there is a
directory there with that name.


Seems to me that we would all be better served by running daemons that
don't trust the user to determine valid remote authentication.  Why not
fix the r-daemons and login to ignore these files?  This is certainly
possible if a) you have source, and b) you're a competant enough
programmer to #ifdef the necessary bits of code into oblivion.

Unfortunatly, a) is rarely true.  It'd be nice if vendors would ship
their products secure.

-- 
                                             Steve Davis <strat () ksu ksu edu>
                                                     Kansas State University

Current thread:

Re: Internet Worm George Hodson (Oct 14)
- Re: Internet Worm James Seng (Oct 15)
- <Possible follow-ups>
- Re: Internet Worm Rik Farrow (Oct 15)
- Re: Internet Worm Brett Lymn (Oct 16)
  - Re: Internet Worm Steve Davis (Oct 17)
    - Re: Internet Worm Jonathan M. Bresler (Oct 17)
    - Re: Internet Worm Perry E. Metzger (Oct 17)
    - Re: Internet Worm Jonathan M. Bresler (Oct 17)
    - Re: Internet Worm Perry E. Metzger (Oct 17)
    - Re: Internet Worm Bennett Todd (Oct 17)
    - Re: Internet Worm Perry E. Metzger (Oct 18)
    - Re: Internet Worm Scott Schwartz (Oct 18)
    - Re: Internet Worm Perry E. Metzger (Oct 18)
    - Re: Internet Worm Christine R. Gressley (Oct 17)
    - r commands Aleph One (Oct 17)

(Thread continues...)