From: imp@boulder.parcplace.com (Warner Losh)
Subject: Re: What's wrong with SLACKWARE's rshd setup?
Date: Mon, 16 Aug 1993 16:42:30 GMT

In article <1993Aug15.043521.4739@hp9000.csc.cuhk.hk> lam836@cs.cuhk.hk writes:
>My friend and I have installed slackware on our machines. When we both
>connect to our school's host with SLIP, I've tried a
>'rsh <HisAddress> -l root whoami' and it says 'root'! Why is there such
>a *big* security hole? How can I prevent others from rsh'ing into my machine
>besides 'chmod a-x /usr/etc/in.rshd'?

You can stop using the shadow release. It puts the passwords in
/etc/passwd as :: rather than :*:. rshd is seeing the :: and
assuming that you have no password and you are allowed to login. This
is quite wrong. Any shadowing system should use :*: so that it will
work (or break in a failsafe way) with old programs.

Warner
--
Warner Losh		imp@boulder.parcplace.COM	ParcPlace Boulder
I've almost finished my brute force solution to subtlety.
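
An added example, not part of the original post: a check for the condition the reply describes, an empty password field (::) in a passwd-format file. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Classify the password field (2nd field) of passwd(5)-format lines on stdin.
#   EMPTY   "::"               no password set; the case the post describes
#   LOCKED  starts with * or ! no hash can match, so logins fail safe
#   SHADOW  "x"                hash is kept in a separate shadow file
#   HASH    anything else      hash stored in the passwd file itself
audit_passwd() {
    awk -F: '
        /^[ \t]*(#|$)/ { next }                      # skip comments and blanks
        NF < 7 { printf "MALFORMED line %d\n", NR; next }
        {
            if ($2 == "")          state = "EMPTY"
            else if ($2 ~ /^[*!]/) state = "LOCKED"
            else if ($2 == "x")    state = "SHADOW"
            else                   state = "HASH"
            printf "%s %s uid=%s\n", state, $1, $3
        }'
}

# Number of accounts on stdin with an empty password field.
count_empty() {
    audit_passwd | awk '$1 == "EMPTY" { n++ } END { print n + 0 }'
}

# Constructed sample, not taken from any real system.
sample_passwd() {
    cat <<'EOF'
root::0:0:root:/root:/bin/sh
daemon:*:1:1:daemon:/usr/sbin:/bin/false
alice::1000:100:Alice:/home/alice:/bin/sh
bob:x:1001:100:Bob:/home/bob:/bin/sh
EOF
}

sample_passwd | audit_passwd
echo "empty password fields: $(sample_passwd | count_empty)"
```

To audit a live system, feed it the real file: audit_passwd < /etc/passwd.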