Date: Fri, 12 May 2000 07:18:29 -0700 From: Nick Sayer <nsayer@quack.kfu.com> To: hackers@freebsd.org Subject: rexec as root Message-ID: <391C12B5.E5A2DCD3@quack.kfu.com>
next in thread | raw e-mail | index | archive | help
I would like to gather some opinions in regards to _very slightly_ backing off on rexec's security. rexec makes the following checks, and refuses to allow usage if any are true: uid == 0 password is blank user is in /etc/ftpusers I put it to everyone that the first and third checks are equivalent and redundant. Moreover, since the first check can be done by the third check (and is at install time by default) without recompiling rexecd, removing the first check results in no real loss of security, while slightly increasing flexibility for those who have some need for it. Yes, the r commands are deprecated. But they are still there, and I am all for allowing the administrator to decide to override defaults rather than forcing them to alter the source and recompile it. Comments? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?391C12B5.E5A2DCD3>