Bugtraq mailing list archives

Re: Security Info (root broken)


From: casper () fwi uva nl (Casper Dik)
Date: Thu, 29 Sep 1994 16:33:38 +0100


On Thu, 29 Sep 1994 07:04:44 -0600 (CDT), Pug <pug () arlut utexas edu> said:
> As I remember the race condition, you don't have a problem if you don't
> allow the 'r' commands into your system. The race condition created a
> .rhosts file for accounts that had UID 0, but no existing .rhosts file.
> I can't find my copy of the exploit anymore to be certain. As well, you
> had to start on the system, so it wasn't that much of an external job
> anyway.

This is one of the problems with exploit scripts: the scripts use
.rhosts as one file to create for a user.  Now this particular file
has a certain interpretation that makes it dangerous.

However, there are many more files that when created will cause problems.

Besides, I believe that this is not the bug at issue.  A newer bug
was found by and alluded to on Usenet by Joerg Czeranski.

No patch has been made yet by Sun, even though it has been more
than two months.

> I see allowing 'r' commands into your installation as a Bad Thing anyway.

If you allow it locally (in a non-secure NFS environment) it is a *good*
thing, as long as you restrict it.  It gives snoopers much less chance of
getting lots of local passwords.

Casper


