Date: Thu, 27 Jun 1996 11:30:17 -0700 (MST)
From: Terry Lambert <terry@lambert.org>
To: lada@ws2301.gud.siemens.co.at (Hr.Ladavac)
Cc: michaelv@HeadCandy.com, vince@mercury.gaianet.net, ejs@bfd.com, mark@grumble.grondar.za, hackers@FreeBSD.org, security@FreeBSD.org, chad@mercury.gaianet.net, jbhunt@mercury.gaianet.net
Subject: Re: I need help on this one - please help me track this guy down!
Message-ID: <199606271830.LAA05468@phaeton.artisoft.com>
In-Reply-To: <199606270836.AA158394572@ws2301.gud.siemens.co.at> from "Hr.Ladavac" at Jun 27, 96 10:36:11 am

> > Seriously, you must be root to create a setuid root file.  It doesn't
> > matter *how* you try to create it.
>
> A five dollar question Vince:
>
> does root have .rhosts in his home directory?  What is to be found there?
> If he does, throw it away; it's enormously insecure.  Similar with
> /etc/host.equiv et cetera.

man ruserok

The authentication for vouchsafe protocols (rcmd/rsh based protocols)
*specifically* ignores hosts.equiv and hosts.lpd for root.

If root does not have a .rhosts, then it is secure from vouchsafe
attack this way.

Terry Lambert
terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.
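
Added example, not part of the original message: a simplified Python model of the ruserok(3) decision order described above, plus a check of root's .rhosts contents. The function names, host names and file contents are constructed for illustration; netgroups, negative entries and the file ownership checks are left out.

```python
"""Simplified model of the ruserok(3) trust decision (illustrative only)."""


def _matches(line, rhost, ruser, luser):
    """Check one 'host [user]' line; '+' is a wildcard in either field."""
    fields = line.split()
    if not fields:
        return False
    host = fields[0]
    # With no user field, the remote user must carry the local user's name.
    user = fields[1] if len(fields) > 1 else luser
    host_ok = host == "+" or host.lower() == rhost.lower()
    user_ok = user == "+" or user == ruser
    return host_ok and user_ok


def ruserok_model(rhost, superuser, ruser, luser, hosts_equiv, rhosts):
    """Return True if the remote user would be trusted without a password.

    hosts_equiv and rhosts are file contents as strings, or None when the
    file does not exist. rhosts is the target account's own ~/.rhosts.
    """
    # hosts.equiv is consulted only when the local account is not root.
    if not superuser and hosts_equiv is not None:
        for line in hosts_equiv.splitlines():
            if _matches(line, rhost, ruser, luser):
                return True
    # The target account's .rhosts is consulted for everyone, root included.
    if rhosts is not None:
        return any(_matches(l, rhost, ruser, luser) for l in rhosts.splitlines())
    return False


def audit_root_rhosts(root_rhosts):
    """List findings for the contents of root's .rhosts (None = no file)."""
    if root_rhosts is None:
        return []  # no ~root/.rhosts: nothing can vouch for root
    findings = ["root has a .rhosts file"]
    for line in root_rhosts.splitlines():
        if "+" in line.split():
            findings.append("wildcard entry in root .rhosts: " + line.strip())
    return findings
```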