Date: Fri, 11 May 2001 09:50:38 +0800
From: "edwin chan" <huacheng@public.guangzhou.gd.cn>
To: <freebsd-security@FreeBSD.org>
Subject: Re: FreeBSD 4.3 RELEASE and -STABLE allows telnet root logins?
Message-ID: <001b01c0d9bc$c7e00400$5801a8c0@suntop.com>
References: <3AFB369D.5574182A@enter.net>
I have the same question; I searched many documents but couldn't find an answer either. Hope someone can help us.

edwin chan

----- Original Message -----
From: Daniel Hauer <dh@enter.net>
To: <freebsd-security@freebsd.org>
Sent: Friday, May 11, 2001 8:47 AM
Subject: FreeBSD 4.3 RELEASE and -STABLE allows telnet root logins?

> Hello all,
> After installing 4.3 release on one machine and upgrading 2 other
> machines to -STABLE, I noticed there is a new mechanism used in telnetd,
> namely this "SRA" authentication mechanism. While convenient (you
> don't have to type your username), I found something VERY disturbing: If
> you are at a root prompt on any other BSD
> based machine, you can just telnet to the 4.3 machines, and login right
> in with the root username and password! This only apparently occurs from
> a BSD based machine, as myself and a co-worker tried it from 2 different
> distribution Linux boxes, and we could not login as root. None of the
> switches for telnetd in the inetd.conf worked to our satisfaction, and
> after reading the sources, we recompiled telnetd with AUTHENTICATION=NO
> to disable this behavior. What is this "SRA authentication"? And why is
> telnetd's default behavior to allow root logins at all? I realize that
> any self respecting sysadmin will either use ipfirewall, ipfilter, or
> good old inetd's hosts.allow file to limit telnet logins anyway, but the
> question still remains... Why? Wouldn't this SRA with a "no root" login
> be a better idea?
>
> --
> Regards,
> Daniel Hauer
> Network Administration
> http://www.enter.net "The Road To The Internet Starts There!"
> ***************************************************************************
> Windoze is for GAMES, UNIX is for the rest of us.
> UNIX is like the sights on a loaded gun. If you aim the gun
> at your foot and pull the trigger, it is the basic function of
> UNIX to accurately deliver the bullet from the gun to the
> target. In this case, it's your foot.
> ***************************************************************************
