From owner-freebsd-security Mon Jul 28 21:39:46 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id VAA07652 for security-outgoing; Mon, 28 Jul 1997 21:39:46 -0700 (PDT)
Received: from shell6.ba.best.com (jkb@shell6.ba.best.com [206.184.139.137]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id VAA07646 for ; Mon, 28 Jul 1997 21:39:44 -0700 (PDT)
Received: from localhost (jkb@localhost) by shell6.ba.best.com (8.8.5/8.7.3) with SMTP id VAA14694; Mon, 28 Jul 1997 21:39:39 -0700 (PDT)
X-Authentication-Warning: shell6.ba.best.com: jkb owned process doing -bs
Date: Mon, 28 Jul 1997 21:39:39 -0700 (PDT)
From: Jan Koum
X-Sender: jkb@shell6.ba.best.com
To: Annelise Anderson
cc: John Preisler, security@FreeBSD.ORG
Subject: Re: security hole in FreeBSD
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

Well, yes and no.

Yes: FreeBSD installs dot.rhosts in /usr/share/skel where by default new dot.files come from into user directories. Of course, most (some?) people change the files in the directory or the default directory itself.

No: The file doesn't provide any security problems initially since it has '#' at every line and therefore can't be used without further modification.

Maybe: There should be no dot.rhosts at all -- that might decrease the amount of people using it and in return minimize headache to sys admins? Then again, maybe not.

Almost positive: Shouldn't this thread be taken off line by now? From what I have seen the break-in has not occurred due to a critical and/or unknown bug in FreeBSD.

On Mon, 28 Jul 1997, Annelise Anderson wrote:

>
>On Mon, 28 Jul 1997, John Preisler wrote:
>
>> I'm not convinced that FreeBSD installs a /root/.rhosts by default.
>> None of my boxes have it.
>>
>> -jrp
>
>Neither do mine.
>
>	Annelise
>
>
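
An added example, not part of the original message or of FreeBSD's own code: a shell check for the point made in the reply above, that an rhosts file whose lines are all commented out is inert until someone edits it. The function names and the sample file contents are constructed for illustration, and treating only a `#` in the first column as a comment is a deliberately conservative assumption.

```shell
#!/bin/sh
# Added example (hypothetical helper names, constructed sample data).

# Print each active line of an rhosts-style file as "lineno:TAG:text".
# TAG is WILDCARD when the host or user field is a bare "+", ENTRY otherwise.
# Only "#" in column 1 counts as a comment (conservative assumption), so an
# indented "#" line is reported rather than silently skipped.
rhosts_active() {
    awk '
        /^#/    { next }    # commented-out line: inert
        NF == 0 { next }    # empty or whitespace-only line: inert
        {
            tag = ($1 == "+" || $2 == "+") ? "WILDCARD" : "ENTRY"
            printf "%d:%s:%s\n", NR, tag, $0
        }
    ' "$1"
}

# Exit status 0: file contains only comments/blank lines (inert).
# Exit status 1: at least one active entry.  2: file is not readable.
rhosts_is_inert() {
    [ -r "$1" ] || return 2
    [ -z "$(rhosts_active "$1")" ]
}

# Constructed sample: a template with every line commented out.
sample_commented() {
    cat <<'EOF'
# constructed sample, every line commented out
# trusted.example.org alice
EOF
}

# Constructed sample: the same template after a user has edited it.
sample_edited() {
    cat <<'EOF'
# constructed sample, edited by a user
trusted.example.org alice
+ +
EOF
}
```

Run `rhosts_is_inert` against the skeleton file and `rhosts_active` against each home directory's `.rhosts` to see which accounts have gone from the commented template to live trust entries.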