rlogin over trusted hosts...
Marcus J. Ranum
mjr at vax2.nlm.nih.gov.nlm.nih.gov
Sun Oct 16 08:28:11 AEST 1988
In article <3043 at mipos3.intel.com> rpartha at cadev4.UUCP () writes:
>
> I noticed a possible problem with the "rlogin" command. Typically
> the accounts such as "sys", "news", etc. cannot be logged into since
> their /etc/passwd entries have a "*" in the password field. But, over
> a network it is possible to login as "sys" or "news" etc.
I used to change the login shells on sys, bin, etc, to something
like /usr/games/fortune, but some versions (or is it all?)(I have seen
some that don't) of rshd always execute 'rsh' commands using 'sh -c <command>'
instead of the pw->shell field in the password file.
I don't recall if 'bin' owns the stuff in /bin anymore - used to,
but that always was a pretty open hole, if 'bin' could get onto another
system and replace /bin/sh with a trojan horse. Possibilities like that
are endless - it's better to just keep people off your network if you
don't trust 'em :-)
--mjr();
More information about the Comp.unix.wizards
mailing list