Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 20 Mar 1997 22:02:01 +0100
From:      Ollivier Robert <roberto@keltia.freenix.fr>
To:        FreeBSD Security <freebsd-security@freebsd.org>
Subject:   Re: rdist exploitation
Message-ID:  <19970320220201.29725@keltia.freenix.fr>
References:  <199703192223.RAA13287@vic.cioe.com> <199703201826.NAA06646@roundtable.cif.rochester.edu>

next in thread | previous in thread | raw e-mail | index | archive | help
According to Security Administrator:
> As far as I know, rdist is still broken.  Your best bet is to 
> remove the world executable permissions on the program and only allow 
> root/bin to run it.  

It has been plugged in 2.2/3.0 a long time ago:

revision 1.3
date: 1996/08/10 07:54:11;  author: peter;  state: Exp;  lines: +8 -4
Remove the need for rdist(1) to run setuid, thus completely closing any
possibility of a security hole.  It now does what rdist-6 does, and calls
/usr/bin/rsh if not running as root.  There are NO protocol changes, this
is 100% compatable with the old rdist, except that it does not need setuid
root privs.

However, there are some minor differences to the base rdist-6 code in that
if it is being run by root, it will call rcmd(3) directly rather than
piping everything through rsh(1).  This is a little more efficient as it
doesn't involve context switching on pipe reads/writes.

Also, the -P option was added from rdist-6.1.2, which allows an alternative
rsh program to be specified, such as ssh.  Note that it requires the fixes
to the ssh port to disable the unconditional USE_PIPES option that was
recently added.  The rcmd(3) optimisation is disabled if a non-rsh program
is speficied.

-- 
Ollivier ROBERT -=- FreeBSD: There are no limits -=- roberto@keltia.freenix.fr
   FreeBSD keltia.freenix.fr 3.0-CURRENT #39: Sun Feb  2 22:12:44 CET 1997



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19970320220201.29725>