Date: Tue, 25 Jun 1996 09:55:12 +1000 From: Danny Smith <danny@auscert.org.au> To: "Jordan K. Hubbard" <jkh@time.cdrom.com> Cc: guido@gvr.win.tue.nl (Guido van Rooij), hackers@freebsd.org, security@freebsd.org, ache@freebsd.org Subject: Re: No comment character in hosts.equiv Message-ID: <199606242355.JAA29733@amethyst.auscert.org.au> In-Reply-To: Your message of "Sun, 23 Jun 1996 23:29:30 MST." <10326.835597770@time.cdrom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Content-Type: text/plain; charset=us-ascii (Note the change of subject line!) "Jordan K. Hubbard" writes: > Hmmm. We have reason to believe that he *didn't* get root (though > we're still assuming he did, just to be paranoid) and if the mod times > can be trusted, hosts.equiv hasn't been touched in many months (and > localhost is commented out). ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ There is no comment character in either the hosts.equiv file or the .rhosts file. Use of this may allow someone to spoof DNS and gained trusted access. Check out the code relating to calls to ruserok(). This is clearly detailed in the AUSCERT Unix Security Checklist which can probably be obtained from a mirror site near you (access to the AUSCERT ftp server has been temporarily restricted due to funding shortages). Danny Smith. ========================================================================== Danny Smith | Fax: +61 7 3365 4477 AUSCERT | Phone: +61 7 3365 4417 c/- Prentice Centre | (answered during business hours) The University of Queensland | (on call after hours for emergencies) Qld. 4072. Australia | Internet: auscert@auscert.org.au -----BEGIN PGP SIGNATURE----- Version: 2.6.2i Comment: Finger pgp@ftp.auscert.org.au to retrieve AUSCERT's public key iQCVAwUBMc+3fSh9+71yA2DNAQECawP7B/jmCyZN6NgANUku2wFcnJ+6DyxCPTYP QsORkyWfs79PKqItgx3XLO4CpBT0YXNUC6Q2TKwopSrj0mn1gX4+zJKGImWGAE0s 5DUM8XBenfU/+rxAltPiFvneORPbTGg9wZaSlAVISuxTJH7T8LghIiPFw58oELcY WbetUnf1G7w= =mEVx -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199606242355.JAA29733>