Date:      Wed, 17 Apr 1996 16:06:08 GMT
From:      James Raynard <jraynard@dial.pipex.com>
To:        freebsd-hackers@freebsd.org
Subject:   Extra option for rlogind?
Message-ID:  <199604171606.QAA00530@dial.pipex.com>

I saw this in a discussion about .rhosts files on comp.security.unix
(this poster was referring to Linux):-

>Our rlogind has a -s flag which will only read .rhosts files if they are 
>owned by root.  So users cannot create their own .rhosts files, without 
>root knowing about it.  
>More work for the sysadmin, and maybe not feasible on a machine with a lot 
>of users, but it works for us.

This would be very easy to add, as per the following (untested)
patches. Would this be a worthwhile addition, or is it just another
silly Linux gimmick? 8-)

James

*** rlogind.c~	Wed Apr 17 15:34:00 1996
--- rlogind.c	Wed Apr 17 15:39:23 1996
***************
*** 123,128 ****
--- 123,129 ----
  	char *argv[];
  {
  	extern int __check_rhosts_file;
+ 	extern int __check_root_owns_rhosts;
  	struct sockaddr_in from;
  	int ch, fromlen, on;
  
***************
*** 139,144 ****
--- 140,148 ----
  			break;
  		case 'n':
  			keepalive = 0;
+ 			break;
+ 		case 's':
+ 			__check_root_owns_rhosts = 1;
  			break;
  #ifdef KERBEROS
  		case 'k':
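
Review bot: the new `case 's':` arm can only be reached if the getopt option string also lists `s`, and no hunk in this patch touches that string, any usage text or the rlogind manual page. Add `s` to the option string and document the flag, stating that with it set a .rhosts file not owned by root is rejected.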

*** rcmd.c~	Wed Apr 17 15:33:51 1996
--- rcmd.c	Wed Apr 17 15:38:17 1996
***************
*** 247,252 ****
--- 247,253 ----
  }
  
  int	__check_rhosts_file = 1;
+ int   __check_root_owns_rhosts = 0;
  char	*__rcmd_errstr;
  
  int
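
Review bot: the added `int   __check_root_owns_rhosts = 0;` separates the type and the name with spaces where the neighbouring declarations use a tab; match them. A one-line comment saying the variable is set by rlogind's -s and defaults to off would also help, since it is a second global consulted by the .rhosts checks and nothing in this hunk explains either one.
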
***************
*** 331,336 ****
--- 332,339 ----
  			cp = ".rhosts not regular file";
  		else if (fstat(fileno(hostf), &sbuf) < 0)
  			cp = ".rhosts fstat failed";
+ 		else if (__check_root_owns_rhosts && sbuf.st_uid)
+ 			cp = ".rhosts owned by other than root";
  		else if (sbuf.st_uid && sbuf.st_uid != pwd->pw_uid)
  			cp = "bad .rhosts owner";
  		else if (sbuf.st_mode & (S_IWGRP|S_IWOTH))
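
Review bot: in the added `else if (__check_root_owns_rhosts && sbuf.st_uid)` the ownership test relies on integer truthiness; `sbuf.st_uid != 0` would read more clearly next to the `sbuf.st_uid != pwd->pw_uid` comparison below it. The placement before the "bad .rhosts owner" branch is right, because that branch accepts files owned by the user, and the group/other write check still runs afterwards for a root-owned file. As the message says the patch is untested, it should be exercised with the flag set and unset against both root-owned and user-owned .rhosts files.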



