Date: Wed, 17 Apr 1996 16:06:08 GMT
From: James Raynard <jraynard@dial.pipex.com>
To: freebsd-hackers@freebsd.org
Subject: Extra option for rlogind?
Message-ID: <199604171606.QAA00530@dial.pipex.com>

I saw this in a discussion about .rhosts files on comp.security.unix (this poster was referring to Linux):-

>Our rlogind has a -s flag which will only read .rhosts files if they are
>owned by root. So users cannot create their own .rhosts files, without
>root knowing about it.
>More work for the sysadmin, and maybe not feasible on a machine with a lot
>of users, but it works for us.

This would be very easy to add, as per the following (untested) patches. Would this be a worthwhile addition, or is it just another silly Linux gimmick? 8-)

James

*** rlogind.c~ Wed Apr 17 15:34:00 1996 --- rlogind.c Wed Apr 17 15:39:23 1996 *************** *** 123,128 **** --- 123,129 ---- char *argv[]; { extern int __check_rhosts_file; + extern int __check_root_owns_rhosts; struct sockaddr_in from; int ch, fromlen, on; *************** *** 139,144 **** --- 140,148 ---- break; case 'n': keepalive = 0; + break; + case 's': + __check_root_owns_rhosts = 1; break; #ifdef KERBEROS case 'k': *** rcmd.c~ Wed Apr 17 15:33:51 1996 --- rcmd.c Wed Apr 17 15:38:17 1996 *************** *** 247,252 **** --- 247,253 ---- } int __check_rhosts_file = 1; + int __check_root_owns_rhosts = 0; char *__rcmd_errstr; int *************** *** 331,336 **** --- 332,339 ---- cp = ".rhosts not regular file"; else if (fstat(fileno(hostf), &sbuf) < 0) cp = ".rhosts fstat failed"; + else if (__check_root_owns_rhosts && sbuf.st_uid) + cp = ".rhosts owned by other than root"; else if (sbuf.st_uid && sbuf.st_uid != pwd->pw_uid) cp = "bad .rhosts owner"; else if (sbuf.st_mode & (S_IWGRP|S_IWOTH))
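
Review bot: In the second rlogind.c hunk (old lines 139-144), `case 's':` is added to the option switch, but no hunk touches the option string that drives that switch, so unless `s` is already in it the new case is never reached and `-s` is rejected as an unknown option. Add `s` to the option string in the same change, and document the flag in the usage message and the rlogind manual page, since it changes which .rhosts files are trusted.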
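
Review bot: `__check_root_owns_rhosts`, defined in the rcmd.c hunk at old line 247, is only ever set by rlogind.c in this patch, so any other program that goes through this rcmd.c check keeps the default of 0 and still accepts user-owned .rhosts files. If the root-only policy is meant to cover more than rlogind, each such program needs its own way to set the flag; either way, add a comment at the definition saying what a non-zero value enforces, and declare it in one shared place rather than with a function-local `extern` as in the first rlogind.c hunk.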
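
Review bot: In the rcmd.c hunk at old line 331, the new test `__check_root_owns_rhosts && sbuf.st_uid` relies on the implicit truth value of a uid; write `sbuf.st_uid != 0` so the intent (reject any owner other than root) is explicit. The placement after the `fstat(fileno(hostf), &sbuf)` call is right, because the owner examined is that of the file already opened. With the flag set, the following `sbuf.st_uid && sbuf.st_uid != pwd->pw_uid` branch can no longer fire, so a one-line comment that the strict mode supersedes it would help the next reader. The patch is stated to be untested, so it also needs a run with a root-owned and a user-owned .rhosts, both with and without `-s`.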