From: mccauleyba@vms1.bham.ac.uk (Brian McCauley)
Subject: Re: rsh: "rcmd: socket: Permission denied"
Date: 31 Jul 1993 12:25:53 GMT

In article <23broe$9v0@europa.eng.gtefsd.com>, niemidc@oasis.gtefsd.com (David C. Niemi) writes:
> In article 1@vms1.bham.ac.uk, mccauleyba@vms1.bham.ac.uk (Brian McCauley) writes:
>>In article <239eqn$4nd@csdpc2.arlut.utexas.edu>, phaedrus@arlvs1.arlut.utexas.edu (James Jurach) writes:
>>> |> ~ % rsh loopback
>>> |> rcmd: socket: Permission denied
>>
>>rsh should be installed setuid(root)
>
> This will make things work, but it is a security hole big enough to fly a
> 747 through, just in case you care.
>
Buzzt.. Wrong.
Having rsh _not_ suid(root) is a security hole. (After I posted I wondered
on the way home if someone would make this mistake).
If it was possible to have rsh work non-suid root then anyone could
take a copy of the sources and hack it to fake the uid and then connect
to any machine in the local group (as defined by hosts.equiv) as any
user without a password.
--
\\ ( ) No Bullshit! | Email: B.A.McCauley@bham.ac.uk
. _\\__[oo from | Voice: +44 21 471 3789 (home)
.__/ \\ /\@ /~) /~[ /\/[ | +44 21 627 2171 (work)
. l___\\ /~~) /~~[ / [ | Fax: +44 21 627 2175 (work)
# ll l\\ ~~~~ ~ ~ ~ ~ | Snail: 197 Harborne Lane, B29 6SS, UK
###LL LL\\ (Brian McCauley) | ICBM: 52.5N 1.9W