From owner-freebsd-current Sat Nov 18 20:22:45 1995 Return-Path: owner-current Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id UAA10808 for current-outgoing; Sat, 18 Nov 1995 20:22:45 -0800 Received: from jhome.DIALix.COM (root@jhome.DIALix.COM [192.203.228.69]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id UAA10788 for ; Sat, 18 Nov 1995 20:21:59 -0800 Received: (from peter@localhost) by jhome.DIALix.COM (8.6.12/8.6.9) id MAA21397; Sun, 19 Nov 1995 12:21:34 +0800 Date: Sun, 19 Nov 1995 12:21:34 +0800 (WST) From: Peter Wemm To: current@freebsd.org Subject: rlogind wont allow root without password... rshd will. Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-current@freebsd.org Precedence: bulk I think this is a bug.. As root: I can do "rsh freebsdmachine sh -i" and get a root shell. I cannot do a "rlogin freebsdmachine" - it asks for a password. I think this is a futile attempt at "security-through-inconvenience" (worse than the infamous security-through-obscurity) as it achieves nothing but force people to use the non-wtmp-logged facility. rlogind (as in 4.4BSD) has a test for UID==0 to disable the .rhosts check, forcing the root password to go over the net in the clear. This IMHO is a bigger risk than the existing vouch-safe security. If a site is deliberatly allowing root to have a .rhosts file then they should be allowed to shoot their own foot if they haven't made enough safeguards. Note that FreeBSD has a random number mixed into the tcp iss variable, which makes IP spoofing at least several orders of magnitude harder to do. Having somebody sniff the root password is a far bigger risk than a successful IP spoofing attack. I'd like to take the test out... Have I forgotten something? Objections? (Yes, I know about ssh... :-) -Peter