Date: Tue, 15 Dec 1998 23:20:45 -0800 (PST) From: Peter Wemm <peter@FreeBSD.ORG> To: cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG Subject: cvs commit: src/libexec/rlogind rlogind.c src/libexec/rshd rshd.8 rshd.c Message-ID: <199812160720.XAA02795@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
peter 1998/12/15 23:20:45 PST
Modified files:
libexec/rlogind rlogind.c
libexec/rshd rshd.8 rshd.c
Log:
As previously threatened, clean up the rshd -a option and make it default
on rshd and rlogind. However, note that:
1: rshd used to drop a connection with -a if the hostname != ip address.
This is unneeded, because iruserok() does it's own checking.
It was also wrong if .rhosts had an explicit IP address in it,
connections would be dropped from that host solely because the DNS was
mismatched even though it was explicitly intended to work by IP address.
2: rlogind and rshd check the hostname mappings by default now because that
is what goes into the utmp/wtmp and logs. If the hostname != ip address,
then it uses the IP address for logging/utmp/wtmp purposes. There isn't
much point logging ficticious hostnames.
3: rshd -a is now accepted (but ignored) for compatability. If you really
want to make life miserable for people with bad reverse DNS, use tcpd in
paranoid mode (which is questionable anyway, given DNS ttl tweaking).
Revision Changes Path
1.20 +21 -47 src/libexec/rlogind/rlogind.c
1.14 +3 -11 src/libexec/rshd/rshd.8
1.23 +26 -53 src/libexec/rshd/rshd.c
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199812160720.XAA02795>