From owner-freebsd-questions  Fri Mar 10 12: 9:52 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from fedde.littleton.co.us (fedde.littleton.co.us [216.17.174.44])
	by hub.freebsd.org (Postfix) with ESMTP id 1242F37B82C
	for <freebsd-questions@FreeBSD.ORG>; Fri, 10 Mar 2000 12:09:46 -0800 (PST)
	(envelope-from cfedde@fedde.littleton.co.us)
Received: from fedde.littleton.co.us (localhost.fedde.littleton.co.us [127.0.0.1])
	by fedde.littleton.co.us (8.10.0.Beta12/8.10.0.Beta10) with ESMTP id e2AK9em75462;
	Fri, 10 Mar 2000 13:09:40 -0700 (MST)
Message-Id: <200003102009.e2AK9em75462@fedde.littleton.co.us>
To: Paul Orr <Paul.Orr@jetsam.com>
Cc: freebsd-questions@FreeBSD.ORG
From: Chris Fedde <chris@fedde.littleton.co.us>
Subject: Re: rhosts mask really makes a difference? 
In-reply-to: Your message of "Fri, 10 Mar 2000 11:27:53 PST."
             <200003101927.LAA41201@jetsam.com> 
Date: Fri, 10 Mar 2000 13:09:40 -0700
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Paul Orr writes:
 +---------------
 | 
 | Why is it that (under 3.4 at least) if your .rhosts file protection
 | is 664 you are unable to rlogin without a password?
 | 
 | Some sort of funky security measure?
 | 
 | Paul Orr
 +---------------

Yup! the issue is the write bit on group.  As bad as security in
rsh is, it is still a good idea to minimize the impact of the
transitive property of trust.  Unfortunately iruserok(3) still does
not check that the path to .rhosts can be trusted.

chris
__
Chris Fedde	  <chris@fedde.littleton.co.us>
303 773 9134


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message