Date: Fri, 11 May 2001 10:43:36 -0400 (EDT)
From: Robert Watson <rwatson@freebsd.org>
To: Daniel Hauer <dh@enter.net>
Cc: freebsd-security@freebsd.org
Subject: Re: FreeBSD 4.3 RELEASE and -STABLE allows telnet root logins?
Message-ID: <Pine.NEB.3.96L.1010511104304.90309K-100000@fledge.watson.org>
In-Reply-To: <3AFB369D.5574182A@enter.net>
This is a known problem and we are working to resolve this ASAP.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services

On Thu, 10 May 2001, Daniel Hauer wrote:

> Hello all,
> After installing 4.3 release on one machine and upgrading 2 other
> machines to -STABLE, I noticed there is a new mechanism used in telnetd,
> namely this "SRA" authentication mechanism. While convenient (you
> don't have to type your username), I found something VERY disturbing: if
> you are at a root prompt on any other BSD-based machine, you can just
> telnet to the 4.3 machines and log right in with the root username and
> password! This only apparently occurs from a BSD-based machine, as a
> co-worker and I tried it from 2 different distribution Linux boxes, and
> we could not log in as root. None of the switches for telnetd in the
> inetd.conf worked to our satisfaction, and after reading the sources, we
> recompiled telnetd with AUTHENTICATION=NO to disable this behavior. What
> is this "SRA authentication"? And why is telnetd's default behavior to
> allow root logins at all? I realize that any self-respecting sysadmin
> will either use ipfirewall, ipfilter, or good old inetd's hosts.allow
> file to limit telnet logins anyway, but the question still remains....
> Why? Wouldn't this SRA with a "no root" login be a better idea?
>
> --
> Regards,
> Daniel Hauer
> Network Administration
> http://www.enter.net "The Road To The Internet Starts There!"
> ***************************************************************************
> Windoze is for GAMES, UNIX is for the rest of us.
> UNIX is like the sights on a loaded gun. If you aim the gun
> at your foot and pull the trigger, it is the basic function of
> UNIX to accurately deliver the bullet from the gun to the
> target. In this case, it's your foot.
> ***************************************************************************
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
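The mechanism behind Daniel's report is the TELNET AUTHENTICATION option (option 37, RFC 2941): a telnetd built with authentication support asks for it at connect time with IAC DO AUTHENTICATION, and a client that also implements the option agrees and then authenticates inside the daemon instead of at the login(1) prompt; a client that does not implement it simply never takes that path. The following is an added example, not code from this thread or from FreeBSD's telnet sources. It parses a server's initial option negotiation, reports whether the host advertises AUTHENTICATION and which authentication types it offers, and builds the WONT reply a client sends to refuse the option. The function names, the two sample captures (constructed, not real traffic) and the use of 6 as the SRA type code (taken from AUTHTYPE_SRA in FreeBSD's <arpa/telnet.h>; the page itself gives no number) are all assumptions of this example.

```python
"""Detect the TELNET AUTHENTICATION option (RFC 2941) in a telnet server's
option negotiation and build the reply that refuses it.

Added example; not code from the mailing-list thread or from FreeBSD.
"""

# TELNET command bytes (RFC 854).
IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240

# Option codes.
OPT_TTYPE = 24            # terminal type; only here so the samples carry a second option
OPT_AUTHENTICATION = 37   # RFC 2941

# AUTHENTICATION sub-option commands (RFC 2941).
AUTH_IS, AUTH_SEND, AUTH_REPLY, AUTH_NAME = 0, 1, 2, 3

# Authentication type codes.  Assumption: 6 is AUTHTYPE_SRA as defined in
# FreeBSD's <arpa/telnet.h>; the thread itself does not give a number.
AUTH_TYPE_NAMES = {0: "NULL", 1: "KERBEROS_V4", 2: "KERBEROS_V5",
                   3: "SPX", 4: "MINK", 6: "SRA"}


def _find_se(data: bytes, start: int) -> int:
    """Index of the IAC that begins IAC SE, honouring IAC IAC escapes."""
    i = start
    while i + 1 < len(data):
        if data[i] == IAC:
            if data[i + 1] == SE:
                return i
            i += 2                      # IAC IAC (escaped data) or another command
        else:
            i += 1
    return -1


def _unescape(body: bytes) -> bytes:
    """Collapse IAC IAC inside a sub-negotiation body to a single 0xff."""
    return body.replace(bytes([IAC, IAC]), bytes([IAC]))


def parse_negotiation(data: bytes):
    """Walk raw bytes received from a telnet server.

    Returns (commands, auth_offers):
      commands    - list of (verb, option) for every IAC DO/DONT/WILL/WONT
      auth_offers - list of (type, modifier) pairs from any
                    IAC SB AUTHENTICATION SEND ... IAC SE sub-negotiation
    Ordinary data bytes and other two-byte IAC commands are skipped.
    """
    commands, auth_offers = [], []
    i, n = 0, len(data)
    while i < n:
        if data[i] != IAC:
            i += 1                      # ordinary data byte
            continue
        if i + 1 >= n:
            break                       # truncated command
        verb = data[i + 1]
        if verb == IAC:
            i += 2                      # escaped 0xff data byte
        elif verb in (DO, DONT, WILL, WONT):
            if i + 2 >= n:
                break
            commands.append((verb, data[i + 2]))
            i += 3
        elif verb == SB:
            end = _find_se(data, i + 2)
            if end < 0:
                break                   # unterminated sub-negotiation
            body = _unescape(data[i + 2:end])
            if len(body) >= 2 and body[0] == OPT_AUTHENTICATION and body[1] == AUTH_SEND:
                pairs = body[2:]
                auth_offers.extend((pairs[j], pairs[j + 1])
                                   for j in range(0, len(pairs) - 1, 2))
            i = end + 2
        else:
            i += 2                      # NOP, GA and the like
    return commands, auth_offers


def offers_authentication(data: bytes) -> bool:
    """True if the server asked the client to enable AUTHENTICATION."""
    commands, _ = parse_negotiation(data)
    return (DO, OPT_AUTHENTICATION) in commands


def advertised_auth_types(data: bytes):
    """Names of the authentication types the server offered, in order."""
    _, offers = parse_negotiation(data)
    return [AUTH_TYPE_NAMES.get(t, "type-%d" % t) for t, _mod in offers]


def decline_authentication() -> bytes:
    """Client reply refusing the option; the daemon then has to continue
    without in-daemon authentication (what it does next depends on its
    own -a setting)."""
    return bytes([IAC, WONT, OPT_AUTHENTICATION])


# Constructed captures (not real traffic).  SRA_HOST mimics a telnetd that
# offers AUTHENTICATION and, once the client agrees, sends SRA with modifier 0
# (client-to-server, one-way); PLAIN_HOST mimics one built with AUTHENTICATION=NO.
SRA_HOST = bytes([IAC, DO, OPT_AUTHENTICATION, IAC, DO, OPT_TTYPE,
                  IAC, SB, OPT_AUTHENTICATION, AUTH_SEND, 6, 0, IAC, SE])
PLAIN_HOST = bytes([IAC, DO, OPT_TTYPE]) + b"\r\nFreeBSD/i386 (host) (ttyp0)\r\n\r\nlogin: "

if __name__ == "__main__":
    for name, capture in (("SRA_HOST", SRA_HOST), ("PLAIN_HOST", PLAIN_HOST)):
        print(name, "offers AUTHENTICATION:", offers_authentication(capture),
              "types:", advertised_auth_types(capture))
    print("client refusal:", decline_authentication().hex())
```

To use this against a live host rather than the constructed captures, open a TCP connection to port 23, read the first few hundred bytes the server sends before any user input, and pass them to parse_negotiation(); a host that returns True from offers_authentication() is one whose telnetd was built with authentication support, which is the setting Daniel's recompile with AUTHENTICATION=NO removes.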
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1010511104304.90309K-100000>