Date: Sat, 25 Nov 2000 00:08:35 +0100
From: Palle Girgensohn <girgen@partitur.se>
To: freebsd-security@freebsd.org
Subject: telnet, SRA & preventing remote login as root?
Message-ID: <3A1EF4F3.1DBB456C@partitur.se>
Hi!
I just realized a strange thing:
Since 4.0, telnetd has SRA support. The SRA login dialog seems
to bypass login(1) and I can't find a proper way to prevent root
from being able to log in remotely.
Here's what happens:
$ telnet hostname
Trying 1.2.3.4...
Connected to hostname.domain
Escape character is '^]'.
FreeBSD/i386 (hostname.domain) (ttyp2)
login: root
Password:
Login incorrect
login: Connection closed by foreign host.
$
fine, this is what I want... but:
$ telnet -l root hostname
Trying 1.2.3.4...
Connected to hostname.domain
Escape character is '^]'.
Trying SRA secure login:
User (root): root
Password:
[ SRA accepts you ]
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
The Regents of the University of California. All
rights reserved.
... (I'm logged in as root)
WTF!
This is a standard 4.2-RELEASE system. Before 4.0, it wasn't
possible to remotely log in as root (well, not any proper
documented way...:) and I am a bit surprised that I suddenly
can.
I tried stopping this with login.access, but it seems it is not
used by the SRA login dialog.
I tried telnetd -X SRA (in inetd.conf), and this works (but
crashes my 4.0-stable server just as PR 19606 says) but is
still a workaround, since it removes the SRA altogether.
Also, I tried telnetd -a off, and this will create double login
dialogs, the second being login(1):
$ telnet -l root hostname
Trying 1.2.3.4...
Connected to hostname.domain
Escape character is '^]'.
Trying SRA secure login:
User (root): root
Password:
[ SRA accepts you ]
Password:
Login incorrect
login: root
Password:
Login incorrect
login: Connection closed by foreign host.
$
Is this intentional?
/Palle
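The post's only working (if imperfect) mitigation is the "-X SRA" flag on the telnetd line in inetd.conf. The script below is an added audit example, not code from the post or from FreeBSD: it scans inetd.conf-style text for active telnet entries and reports those that still have SRA enabled, i.e. lack "-X SRA". The inetd.conf lines it contains are constructed sample input.

```sh
#!/bin/sh
# Added audit example (not part of the original post): find active telnet
# entries in inetd.conf that do not disable SRA with "-X SRA".
# The configuration text below is constructed for illustration only.

INETD_CONF_SAMPLE='telnet  stream  tcp   nowait  root  /usr/libexec/telnetd  telnetd
ftp     stream  tcp   nowait  root  /usr/libexec/ftpd     ftpd -l
#telnet stream  tcp   nowait  root  /usr/libexec/telnetd  telnetd -X SRA
telnet  stream  tcp6  nowait  root  /usr/libexec/telnetd  telnetd -X SRA'

# Read inetd.conf text on stdin and print one line per active telnet entry:
# "OK" when the server arguments contain "-X SRA", "SRA-ENABLED" otherwise.
# Commented-out lines are skipped.  Fields 1-6 are the inetd service spec;
# the server program name and its arguments start at field 7.
audit_telnetd_sra() {
    grep -v '^[[:space:]]*#' | awk '$1 == "telnet" {
        status = "SRA-ENABLED"
        for (i = 7; i < NF; i++)
            if ($i == "-X" && $(i + 1) == "SRA") status = "OK"
        print status, $0
    }'
}

# Count active telnet entries that still leave SRA enabled (stdin -> number).
count_sra_enabled() {
    audit_telnetd_sra | awk '$1 == "SRA-ENABLED" { n++ } END { print n + 0 }'
}

# Usage on the constructed sample; on a real host feed /etc/inetd.conf instead:
#   audit_telnetd_sra < /etc/inetd.conf
printf '%s\n' "$INETD_CONF_SAMPLE" | audit_telnetd_sra
```

A non-zero count from count_sra_enabled means at least one reachable telnetd still offers the SRA dialog the post describes, so login(1) and login.access are not consulted for root on that service. As the post notes, "-X SRA" only removes SRA rather than fixing its root check, and PR 19606 reports a crash with it on 4.0-stable, so the audit flags the exposure rather than proving the host safe.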
