Date: Fri, 12 May 2000 16:10:27 +0100 (BST) From: Jan Grant <Jan.Grant@bristol.ac.uk> To: Nick Sayer <nsayer@quack.kfu.com> Cc: hackers@freebsd.org Subject: Re: rexec as root Message-ID: <Pine.GHP.4.21.0005121606390.487-100000@mail.ilrt.bris.ac.uk> In-Reply-To: <391C12B5.E5A2DCD3@quack.kfu.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 12 May 2000, Nick Sayer wrote: > I would like to gather some opinions in regards to _very slightly_ > backing off > on rexec's security. Don't do it? > rexec makes the following checks... [ uid==0, password blank, uname in /etc/ftpusers ] > I put it to everyone that the first and third checks are equivalent and What you say is correct, but personally I think deprecated really should mean deprecated. There are better alternatives to rexec (ssh - open or otherwise) and they ought to be pushed. If admins _really_ want this functionality, patching the source isn't so much of a hardship. But it makes the path f least resistance the installation of a better alternative :-) jan -- jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/ Tel +44(0)117 9287163 Fax +44 (0)117 9287112 RFC822 jan.grant@bris.ac.uk Spreadsheet through network. Oh yeah. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GHP.4.21.0005121606390.487-100000>