Date: Thu, 20 Mar 1997 22:02:01 +0100 From: Ollivier Robert <roberto@keltia.freenix.fr> To: FreeBSD Security <freebsd-security@freebsd.org> Subject: Re: rdist exploitation Message-ID: <19970320220201.29725@keltia.freenix.fr> References: <199703192223.RAA13287@vic.cioe.com> <199703201826.NAA06646@roundtable.cif.rochester.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
According to Security Administrator: > As far as I know, rdist is still broken. Your best bet is to > remove the world executable permissions on the program and only allow > root/bin to run it. It has been plugged in 2.2/3.0 a long time ago: revision 1.3 date: 1996/08/10 07:54:11; author: peter; state: Exp; lines: +8 -4 Remove the need for rdist(1) to run setuid, thus completely closing any possibility of a security hole. It now does what rdist-6 does, and calls /usr/bin/rsh if not running as root. There are NO protocol changes, this is 100% compatable with the old rdist, except that it does not need setuid root privs. However, there are some minor differences to the base rdist-6 code in that if it is being run by root, it will call rcmd(3) directly rather than piping everything through rsh(1). This is a little more efficient as it doesn't involve context switching on pipe reads/writes. Also, the -P option was added from rdist-6.1.2, which allows an alternative rsh program to be specified, such as ssh. Note that it requires the fixes to the ssh port to disable the unconditional USE_PIPES option that was recently added. The rcmd(3) optimisation is disabled if a non-rsh program is speficied. -- Ollivier ROBERT -=- FreeBSD: There are no limits -=- roberto@keltia.freenix.fr FreeBSD keltia.freenix.fr 3.0-CURRENT #39: Sun Feb 2 22:12:44 CET 1997
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19970320220201.29725>