From owner-freebsd-bugs  Mon Aug 28 13:50:40 2000
Delivered-To: freebsd-bugs@freebsd.org
Received: from mail11.disney.com (mail11.disney.com [208.246.35.55])
	by hub.freebsd.org (Postfix) with ESMTP id CE6AC37B422
	for <freebsd-bugs@FreeBSD.org>; Mon, 28 Aug 2000 13:50:27 -0700 (PDT)
Received: from pain.corp.disney.com (pain.corp.disney.com [153.7.231.100])
	by mail11.disney.com (Switch-2.0.1/Switch-2.0.1) with SMTP id e7SL15129681
	for <freebsd-bugs@FreeBSD.org>; Mon, 28 Aug 2000 14:01:05 -0700 (PDT)
Received: from louie.fa.disney.com by pain.corp.disney.com with ESMTP for freebsd-bugs@FreeBSD.org; Mon, 28 Aug 2000 13:50:47 -0700
Received: from mercury.fan.fa.disney.com (mercury.fan.fa.disney.com [153.7.119.1])
	by louie.fa.disney.com (8.9.2/8.9.2) with ESMTP id NAA07634
	for <freebsd-bugs@FreeBSD.org>; Mon, 28 Aug 2000 13:50:17 -0700 (PDT)
	(envelope-from Jim.Pirzyk@disney.com)
Received: from snoopy.fan.fa.disney.com by mercury.fan.fa.disney.com; Mon, 28 Aug 2000 13:50:17 -0700
From: Jim Pirzyk <Jim.Pirzyk@disney.com>
Organization: Walt Disney Feature Animation
To: Doug Barton <Doug@gorean.org>,
	Sheldon Hearn <sheldonh@uunet.co.za>
Subject: Re: conf/20847: root login from trusted hosts
Date: Mon, 28 Aug 2000 13:49:27 -0700
X-Mailer: KMail [version 1.0.28]
Content-Type: text/plain
Cc: freebsd-bugs@FreeBSD.org, Jim.Pirzyk@disney.com
References: <Pine.BSF.4.21.0008281322560.70924-100000@24-25-220-168.san.rr.com>
In-Reply-To: <Pine.BSF.4.21.0008281322560.70924-100000@24-25-220-168.san.rr.com>
MIME-Version: 1.0
Message-Id: <00082813501700.05807@snoopy.fan.fa.disney.com>
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, 28 Aug 2000, Doug Barton wrote:
> On Mon, 28 Aug 2000, Sheldon Hearn wrote:
> 
> > The following reply was made to PR conf/20847; it has been noted by GNATS.
> > 
> > From: Sheldon Hearn <sheldonh@uunet.co.za>
> > To: Jim Pirzyk <Jim.Pirzyk@disney.com>
> >  
> >  > The 6th paragraph in the DESCRIPTION section of the man page.
> 
> >  I think this is a non-issue and that you haven't understood how ttys(5)
> >  works, or how the r-utils work.  However, since I'm aware that I'm not
> >  an expert in this area, I'll leave the PR open for a second opinion.
> 
> 	Controls in /etc/ttys only apply to "things" that use a tty to
> access the machine, where "things" is pretty much restricted to telnet,
> since other "things" like ssh do their own root access controls. 

But rlogin does use a tty and in 3.4-R it did prevent root to rlogin
over the network, but now in 4.1-R it does not prevent it.  This
has changed....

- JimP
> 
> 	In the case of the r-utils, they do not allocate a tty, and
> therefore, as Sheldon described the behavior you are experiencing is
> expected, and correct. If you don't want that type of root access, disable
> the r-utils altogether and use another tool (which I HIGHLY recommend for
> you in any case). 
> 
> Good luck,
> 
> Doug (Just call me Mr. Second Opinion) Barton
> -- 
>         "Live free or die"
> 		- State motto of my ancestral homeland, New Hampshire
> 
> 	Do YOU Yahoo!?
-- 
--- @(#) $Id: dot.signature,v 1.9 2000/07/10 16:43:05 pirzyk Exp $
    __o   Jim.Pirzyk@disney.com -------------------------------------
 _'\<,_   Senior Systems Engineer, Walt Disney Feature Animation 
(*)/ (*)  


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message