From owner-freebsd-bugs Sat Sep 15 7:40: 5 2001 Delivered-To: freebsd-bugs@hub.freebsd.org Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id EA64337B403 for ; Sat, 15 Sep 2001 07:40:02 -0700 (PDT) Received: (from gnats@localhost) by freefall.freebsd.org (8.11.4/8.11.4) id f8FEe2w91340; Sat, 15 Sep 2001 07:40:02 -0700 (PDT) (envelope-from gnats) Date: Sat, 15 Sep 2001 07:40:02 -0700 (PDT) Message-Id: <200109151440.f8FEe2w91340@freefall.freebsd.org> To: freebsd-bugs@FreeBSD.org Cc: From: David Malone Subject: Re: misc/30590: /etc/hosts.equiv and ~/.rhosts interaction violates POLA? Reply-To: David Malone Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org The following reply was made to PR misc/30590; it has been noted by GNATS. From: David Malone To: Gavin Atkinson Cc: freebsd-gnats-submit@FreeBSD.org Subject: Re: misc/30590: /etc/hosts.equiv and ~/.rhosts interaction violates POLA? Date: Sat, 15 Sep 2001 15:33:00 +0100 On Sat, Sep 15, 2001 at 07:20:22AM -0700, Gavin Atkinson wrote: > Therefore the sysadmin of a system cannot easily prevent rlogins from another system. This would seem to be a useful thing, for example if the remote system has been compromised. > Also, if a user cares more for his account's security than the sysadmin, he can't disable rlogins. Surely you would be much better off using hosts.allow or ipfw to prevent such connections? That way you would stop connections using telnet and ssh too. David. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message