Date: Wed, 7 May 1997 03:47:38 +0100 (BST)
From: Mark Valentine <mark@linus.demon.co.uk>
To: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: bin/3524: rlogin doesn't read $HOSTALIASES for non-root users
Message-ID: <199705070247.DAA20678@linus.demon.co.uk>
Resent-Message-ID: <199705070250.TAA25818@hub.freebsd.org>

>Number:         3524
>Category:       bin
>Synopsis:       rlogin doesn't read $HOSTALIASES for non-root users
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue May 6 19:50:02 PDT 1997
>Last-Modified:
>Originator:     Mark Valentine
>Organization:
>Release:        FreeBSD 3.0-CURRENT i386
>Environment:
>Description:

	Revision 1.13 of libc/net/res_query.c breaks usage of user
	HOSTALIASES file with setuid/setgid programs (such as rlogin),
	unless the user is root.

>How-To-Repeat:

	$ echo foohost foohost.some.domain >>$HOME/.hosts
	$ export HOSTALIASES=$HOME/.hosts
	$ rlogin foohost
	foohost: Unknown host

>Fix:

	Perhaps the security check might be a little more clever (along
	the lines of the ~/.rhosts check in iruserok()) - don't fail if
	the file is world readable, or if the real user is the owner of
	the file.

>Audit-Trail:
>Unformatted:
