Date: Tue, 15 Oct 1996 18:09:57 +0100 (BST) From: Brian Candler <B.Candler@pobox.com> To: bugs@freebsd.org Cc: t12@psg.com Subject: FreeBSD security bug Message-ID: <199610151709.SAA02460@gazebo.candler.demon.co.uk>
next in thread | raw e-mail | index | archive | help
I found what I believe is a security bug in FreeBSD while using it in the NATO Advanced Networking Workshop in St Petersburg. It appears that if a FreeBSD box has no root password, it will accept 'r' commands for root from *any* machine, even with no entry in ~root/.rhosts This was actually quite useful (we could 'rdist' files from any PC to any other PC without having to enable it on the destination machines) but I presume unintentional :-) Brian Candler <B.Candler@pobox.com>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199610151709.SAA02460>