From owner-freebsd-current Sun Nov 19 19:25:08 1995
Date: Mon, 20 Nov 1995 11:23:39 +0800 (WST)
From: Peter Wemm
To: Terry Lambert
cc: current@FreeBSD.ORG
Subject: Re: rlogind wont allow root without password... rshd will.
In-Reply-To: <199511192300.QAA01780@phaeton.artisoft.com>

On Sun, 19 Nov 1995, Terry Lambert wrote:

> > As root:
> > I can do "rsh freebsdmachine sh -i" and get a root shell.
> > I cannot do a "rlogin freebsdmachine" - it asks for a password.
> >
> > I think this is a futile attempt at "security-through-inconvenience"
> > (worse than the infamous security-through-obscurity) as it achieves
> > nothing but force people to use the non-wtmp-logged facility.
>
> You have convinced me. Someone needs to fix rsh so that the attempt
> is not futile. Root access should require an explicit .rhosts; the
> rlogin is failing correctly, apparently in a hosts.equiv case?

rshd is working perfectly.. It is correctly ignoring hosts.equiv (via
iruserok() etc in libc) but is allowing explicit configuration in the
.rhosts file of root.

> You haven't really documented the environment that allows the rsh to
> succeed so that it can be fixed...

rlogind is what I'm complaining about. It won't let me do something that
I consider to be safer than having plaintext root passwords going over the
network...

This is what I want to change:

Index: rlogind.c =================================================================== RCS file: /home/ncvs/src/libexec/rlogind/rlogind.c,v retrieving revision 1.5 diff -u -5 -r1.5 rlogind.c --- rlogind.c 1995/10/15 03:40:57 1.5 +++ rlogind.c 1995/11/20 03:19:24 
@@ -585,14 +585,13 @@ getstr(term+ENVSIZE, sizeof(term)-ENVSIZE, "Terminal type too long"); pwd = getpwnam(lusername); if (pwd == NULL) return (-1); - if (pwd->pw_uid == 0) - return (-1); /* XXX why don't we syslog() failure? */ - return (iruserok(dest->sin_addr.s_addr, 0, rusername, lusername)); + return (iruserok(dest->sin_addr.s_addr, pwd->pw_uid == 0, + rusername, lusername)); } void getstr(buf, cnt, errmsg) char *buf;

iruserok() is what is responsible for the additional restrictions for
root logins...

The environment that I'm complaining about:

on the server:
  root has /root as a home directory
  there is a /root/.rhosts file listing "client root"

on the client, as root:
  rsh server sh -i works.
  rlogin server always asks for a plaintext password due to the above.

Cheers,
-Peter
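
Review bot: the new `return (iruserok(dest->sin_addr.s_addr, pwd->pw_uid == 0,` path still logs nothing, and the removed line's XXX comment ("why don't we syslog() failure?") disappears with the question unanswered. Because uid 0 can now be admitted on the strength of root's .rhosts alone, keep the iruserok() result in a local variable, syslog() both acceptance and refusal when pwd->pw_uid == 0 (with rusername and the peer address), and return the saved value. The behaviour change for root also deserves a sentence in the rlogind manual page.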
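
The trust decision discussed in this message, as an added example that is not part of the original post or of FreeBSD's libc: a simplified C model of the check before and after the proposed change. `struct attempt`, `file_trusts`, `model_iruserok` and the sample file contents are constructed for illustration, and only the rule stated above (root skips hosts.equiv, root's own .rhosts still counts) is modelled.

```c
#include <stdio.h>
#include <string.h>
struct attempt {                 /* constructed inputs, not real system files */
    int uid;                     /* uid of the local account being logged into */
    const char *equiv, *rhosts;  /* contents of hosts.equiv and ~luser/.rhosts */
    const char *rhost, *ruser, *luser;
};
/* One trust file, simplified: each line is "host [user]"; no user field means
 * the remote name must equal the local one. "+", "-" and netgroups are omitted. */
static int file_trusts(const char *text, const struct attempt *a)
{
    char line[160], host[64], user[64];
    while (*text) {
        size_t len = strcspn(text, "\n");
        snprintf(line, sizeof line, "%.*s", (int)len, text);
        text += len + (text[len] == '\n');
        int n = sscanf(line, "%63s %63s", host, user);
        if (n >= 1 && strcmp(host, a->rhost) == 0 &&
            strcmp(a->ruser, n == 2 ? user : a->luser) == 0)
            return 1;
    }
    return 0;
}

/* Model of the rule in the message: superuser != 0 skips hosts.equiv. */
static int model_iruserok(int superuser, const struct attempt *a)
{
    if (!superuser && file_trusts(a->equiv, a))
        return 0;
    return file_trusts(a->rhosts, a) ? 0 : -1;
}

/* Check as it stood in revision 1.5: uid 0 is refused before any lookup. */
int rlogin_before(const struct attempt *a)
{
    return a->uid == 0 ? -1 : model_iruserok(0, a);
}

/* Check as proposed: uid 0 is evaluated with the superuser flag set. */
int rlogin_after(const struct attempt *a)
{
    return model_iruserok(a->uid == 0, a);
}
int main(void)
{
    struct attempt t = {0, "client\n", "client root\n", "client", "root", "root"};
    printf("before=%d after=%d\n", rlogin_before(&t), rlogin_after(&t));
    return 0;
}
```

A return of 0 means the login proceeds without a password prompt and -1 means rlogind falls back to asking for one, matching the convention of the patched function.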