From owner-freebsd-security Mon Jun 24 23:42:11 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id XAA21515 for security-outgoing; Mon, 24 Jun 1996 23:42:11 -0700 (PDT) Received: from onyx.auscert.org.au (onyx0.auscert.org.au [203.5.112.10]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id XAA21432; Mon, 24 Jun 1996 23:41:54 -0700 (PDT) Received: from amethyst.auscert.org.au (amethyst.auscert.org.au [203.5.112.218]) by onyx.auscert.org.au (8.7.5/8.7.1) with ESMTP id QAA11651; Tue, 25 Jun 1996 16:41:15 +1000 (EST) Received: from localhost (localhost [127.0.0.1]) by amethyst.auscert.org.au (8.7.5/8.7.2) with SMTP id QAA04407; Tue, 25 Jun 1996 16:41:12 +1000 (EST) Message-Id: <199606250641.QAA04407@amethyst.auscert.org.au> X-Authentication-Warning: amethyst.auscert.org.au: Host localhost [127.0.0.1] didn't use HELO protocol X-Mailer: exmh version 1.6.7 5/3/96 To: guido@gvr.win.tue.nl (Guido van Rooij) cc: danny@auscert.org.au (Danny Smith), jkh@time.cdrom.com, hackers@freebsd.org, security@freebsd.org, ache@freebsd.org Subject: Re: No comment character in hosts.equiv In-reply-to: Your message of "Tue, 25 Jun 1996 08:36:16 +0200." <199606250636.IAA18992@gvr.win.tue.nl> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Tue, 25 Jun 1996 16:41:10 +1000 From: Danny Smith Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Guido van Rooij writes: > Danny Smith wrote: > -- Start of PGP encoded section. > > (Note the change of subject line!) > > > > "Jordan K. Hubbard" writes: > > > > > Hmmm. We have reason to believe that he *didn't* get root (though > > > we're still assuming he did, just to be paranoid) and if the mod times > > > can be trusted, hosts.equiv hasn't been touched in many months (and > > > localhost is commented out). > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > > > There is no comment character in either the hosts.equiv file or the > > .rhosts file. Use of this may allow someone to spoof DNS and gained > > trusted access. > > > > Check out the code relating to calls to ruserok(). > > Wrong. FreeBSD has a comment char. Put in before the release of 2.1.0. > Look in usr/src/lib/libc/net/rcmd.c in __ivaliduser. OK, I verified this on our 2.0.5 test system before mailing. Looks like I may have been hit by the "checking the previous version" problem. I haven't checked a 2.1.0 system, but will try and get to it tomorrow. Danny Smith. ========================================================================== Danny Smith | Fax: +61 7 3365 4477 AUSCERT | Phone: +61 7 3365 4417 c/- Prentice Centre | (answered during business hours) The University of Queensland | (on call after hours for emergencies) Qld. 4072. Australia | Internet: auscert@auscert.org.au