From: Hendrik G. Seliger (hank@Blimp.automat.uni-essen.de)
Date: 08/09/93


From: hank@Blimp.automat.uni-essen.de (Hendrik G. Seliger)
Subject: Re: rsh vulnerability?
Date: Mon, 9 Aug 1993 06:26:44 GMT

Brian McCauley (mccauleyba@vms1.bham.ac.uk) wrote:

: Your in.rshd was compiled without shadow and your system is using shadow.
: Since the password field of the root line in /etc/passwd is null rshd is
: allowing unvalidated rsh login from everywhere.

This is definitely NOT necessary! If you disable the account in the
/etc/passwd-file, e.g. by putting an asterisk in the password field,
programs which are not compiled with shadow will not validate the user
and will hence not be a security risk. In the given case, rsh would
quit its job, sure, but you'd also *know* that something's wrong
before you find your system cleaned up by someone else one morning.

Hank
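
An audit for the condition discussed in this thread, as an added example that is not part of the original posts: it classifies each password field in passwd-format text the way a program reading only /etc/passwd would see it. The function names and the sample file are constructed for illustration; the sample hash is made up.

```python
import re

# Traditional crypt(3) output: 13 characters from [./0-9A-Za-z].
DES_HASH = re.compile(r"^[./0-9A-Za-z]{13}$")

def classify(field):
    """How a program that reads only /etc/passwd sees this password field."""
    if field == "":
        return "empty"      # null field: no password to validate against
    if DES_HASH.match(field) or field.startswith("$"):
        return "hash"       # a hash stored in the world-readable file
    return "disabled"       # '*', 'x', '!...': can never equal a crypt() result

def audit_passwd(text):
    """Return (user, uid, status) for every account line in passwd-format text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#") or line[0] in "+-":
            continue        # blank line, comment, or NIS compat entry
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((f"<line {lineno}>", None, "malformed"))
            continue
        user, pw, uid = fields[0], fields[1], fields[2]
        findings.append((user, uid, classify(pw)))
    return findings

def empty_accounts(text):
    """Accounts whose password field is null, the case the thread warns about."""
    return [user for user, _, status in audit_passwd(text) if status == "empty"]

# Constructed sample input (not taken from any real system).
SAMPLE = """\
root::0:0:root:/root:/bin/sh
daemon:*:1:1:daemon:/usr/sbin:/bin/false
hank:x:501:100:Hank:/home/hank:/bin/sh
old:ab01FAX.bQRSU:502:100:Old:/home/old:/bin/sh
broken:line
"""

if __name__ == "__main__":
    for user, uid, status in audit_passwd(SAMPLE):
        print(f"{user:10} uid={uid} {status}")
```

To check a live system, pass the contents of /etc/passwd to `empty_accounts()`; any name it returns has a null password field.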