From owner-freebsd-hackers  Wed Apr 17 12:53:49 1996
Return-Path: owner-hackers
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id MAA01452
          for hackers-outgoing; Wed, 17 Apr 1996 12:53:49 -0700 (PDT)
Received: from vent.pipex.net (root@vent.pipex.net [158.43.128.5])
          by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id MAA01445
          for <freebsd-hackers@freebsd.org>; Wed, 17 Apr 1996 12:53:45 -0700 (PDT)
Received:  from dial.pipex.com by vent.pipex.net (8.6.12/PIPEX simple 1.20)
	id UAA12197; Wed, 17 Apr 1996 20:53:39 +0100
Received: (from jraynard@localhost) by dial.pipex.com (8.6.12/8.6.12) id QAA00530; Wed, 17 Apr 1996 16:06:08 GMT
Date: Wed, 17 Apr 1996 16:06:08 GMT
From: James Raynard <jraynard@dial.pipex.com>
Message-Id: <199604171606.QAA00530@dial.pipex.com>
To: freebsd-hackers@freebsd.org
Subject: Extra option for rlogind?
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

I saw this in a discussion about .rhosts files on comp.security.unix
(this poster was referring to Linux):-

>Our rlogind has a -s flag which will only read .rhosts files if they are 
>owned by root.  So users cannot create their own .rhosts files, without 
>root knowing about it.  
>More work for the sysadmin, and mabye not feasible on a machine with a lot 
>of users, but it works for us.

This would be very easy to add, as per the following (untested)
patches. Would this be a worthwhile addition, or is it just another
silly Linux gimmick? 8-)

James

*** rlogind.c~	Wed Apr 17 15:34:00 1996
--- rlogind.c	Wed Apr 17 15:39:23 1996
***************
*** 123,128 ****
--- 123,129 ----
  	char *argv[];
  {
  	extern int __check_rhosts_file;
+ 	extern int __check_root_owns_rhosts;
  	struct sockaddr_in from;
  	int ch, fromlen, on;
  
***************
*** 139,144 ****
--- 140,148 ----
  			break;
  		case 'n':
  			keepalive = 0;
+ 			break;
+ 		case 's':
+ 			__check_root_owns_rhosts = 1;
  			break;
  #ifdef KERBEROS
  		case 'k':

*** rcmd.c~	Wed Apr 17 15:33:51 1996
--- rcmd.c	Wed Apr 17 15:38:17 1996
***************
*** 247,252 ****
--- 247,253 ----
  }
  
  int	__check_rhosts_file = 1;
+ int   __check_root_owns_rhosts = 0;
  char	*__rcmd_errstr;
  
  int
***************
*** 331,336 ****
--- 332,339 ----
  			cp = ".rhosts not regular file";
  		else if (fstat(fileno(hostf), &sbuf) < 0)
  			cp = ".rhosts fstat failed";
+ 		else if (__check_root_owns_rhosts && sbuf.st_uid)
+ 			cp = ".rhosts owned by other than root";
  		else if (sbuf.st_uid && sbuf.st_uid != pwd->pw_uid)
  			cp = "bad .rhosts owner";
  		else if (sbuf.st_mode & (S_IWGRP|S_IWOTH))