Bugtraq mailing list archives
Re: rdist exploit [bsdi]
From: cks () hawkwind utcs toronto edu (Chris Siebenmann)
Date: Tue, 16 Jul 1996 18:09:52 -0400
The real way to fix this hole in rdist is to run a version of rdist that is not setuid root. Patching the source and leaving rdist setuid root is just a bandaid until the next exploit is found. The only reason rdist is setuid root is so it can use rcmd(); it is easy to write a replacement for rcmd() that forks rsh.

I did this and announced it back in November of 1991, when the first rdist security hole was announced, and you can get the code from ftp.sys.utoronto.ca as /pub/rdist.tar.gz. Versions of rdist 6 have come non-setuid for some time, after John DiMarco took my change and integrated it.

I find rdist's continuing setuid state (and the resulting security exposures that turn up) a stunning testimony to just how much vendors really care about Unix security.

--
"there used to be two moons then one of them discovered coffee." - Curtis Yarvin
cks () hawkwind utcs toronto edu ...!{utgpu,utzoo,watmath}!utgpu!cks
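The approach the message describes, replacing rcmd() with a forked rsh so the caller needs no privilege, sketched as an added example; this is not the code from rdist.tar.gz or from rdist 6. The function name `rcmd_via_rsh`, its signature and the `/usr/bin/rsh` path are assumptions, and unlike rcmd() it does not give the caller a separate stderr channel.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>

/* Hypothetical rcmd() stand-in: runs "rsh host -l user cmd" as an ordinary
 * child process and returns a socket wired to its stdin/stdout, or -1 on
 * error. No reserved port is bound, so the caller need not be setuid. */
int rcmd_via_rsh(const char *rsh_path, const char *host, const char *user,
                 const char *cmd, pid_t *pidp)
{
    int sv[2];
    pid_t pid;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return -1;
    pid = fork();
    if (pid < 0) {
        close(sv[0]); close(sv[1]);
        return -1;
    }
    if (pid == 0) {                       /* child: becomes rsh */
        close(sv[0]);
        if (dup2(sv[1], STDIN_FILENO) < 0 || dup2(sv[1], STDOUT_FILENO) < 0)
            _exit(127);
        if (sv[1] > STDERR_FILENO) close(sv[1]);
        /* execl with an absolute path: no PATH search, no shell parsing */
        execl(rsh_path, rsh_path, host, "-l", user, cmd, (char *)NULL);
        _exit(127);                       /* exec failed; parent sees EOF */
    }
    close(sv[1]);                         /* parent keeps only its own end */
    if (pidp) *pidp = pid;
    return sv[0];
}

int main(int argc, char **argv)
{
    char buf[512]; ssize_t n; int fd;
    if (argc != 4) {
        fprintf(stderr, "usage: %s host user command\n", argv[0]);
        return 2;
    }
    /* /usr/bin/rsh is an assumed location; adjust for the local system */
    fd = rcmd_via_rsh("/usr/bin/rsh", argv[1], argv[2], argv[3], NULL);
    if (fd < 0) { perror("rcmd_via_rsh"); return 1; }
    while ((n = read(fd, buf, sizeof buf)) > 0)
        fwrite(buf, 1, (size_t)n, stdout);
    close(fd);
    return 0;
}
```

Privileged port binding then lives only in rsh itself, so the file-distribution code runs entirely with the invoking user's rights.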