Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 28 Aug 2000 13:49:27 -0700
From:      Jim Pirzyk <Jim.Pirzyk@disney.com>
To:        Doug Barton <Doug@gorean.org>, Sheldon Hearn <sheldonh@uunet.co.za>
Cc:        freebsd-bugs@FreeBSD.org, Jim.Pirzyk@disney.com
Subject:   Re: conf/20847: root login from trusted hosts
Message-ID:  <00082813501700.05807@snoopy.fan.fa.disney.com>
In-Reply-To: <Pine.BSF.4.21.0008281322560.70924-100000@24-25-220-168.san.rr.com>
References:  <Pine.BSF.4.21.0008281322560.70924-100000@24-25-220-168.san.rr.com>
index | next in thread | previous in thread | raw e-mail 

On Mon, 28 Aug 2000, Doug Barton wrote:
> On Mon, 28 Aug 2000, Sheldon Hearn wrote:
> 
> > The following reply was made to PR conf/20847; it has been noted by GNATS.
> > 
> > From: Sheldon Hearn <sheldonh@uunet.co.za>
> > To: Jim Pirzyk <Jim.Pirzyk@disney.com>
> >  
> >  > The 6th paragraph in the DESCRIPTION section of the man page.
> 
> >  I think this is a non-issue and that you haven't understood how ttys(5)
> >  works, or how the r-utils work.  However, since I'm aware that I'm not
> >  an expert in this area, I'll leave the PR open for a second opinion.
> 
> 	Controls in /etc/ttys only apply to "things" that use a tty to
> access the machine, where "things" is pretty much restricted to telnet,
> since other "things" like ssh do their own root access controls. 

But rlogin does use a tty and in 3.4-R it did prevent root to rlogin
over the network, but now in 4.1-R it does not prevent it.  This
has changed....

- JimP
> 
> 	In the case of the r-utils, they do not allocate a tty, and
> therefore, as Sheldon described the behavior you are experiencing is
> expected, and correct. If you don't want that type of root access, disable
> the r-utils altogether and use another tool (which I HIGHLY recommend for
> you in any case). 
> 
> Good luck,
> 
> Doug (Just call me Mr. Second Opinion) Barton
> -- 
>         "Live free or die"
> 		- State motto of my ancestral homeland, New Hampshire
> 
> 	Do YOU Yahoo!?
-- 
--- @(#) $Id: dot.signature,v 1.9 2000/07/10 16:43:05 pirzyk Exp $
    __o   Jim.Pirzyk@disney.com -------------------------------------
 _'\<,_   Senior Systems Engineer, Walt Disney Feature Animation 
(*)/ (*)  


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
help

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?00082813501700.05807>