Message-Id: <199606242355.JAA29733@amethyst.auscert.org.au>
To: "Jordan K. Hubbard"
Cc: guido@gvr.win.tue.nl (Guido van Rooij), hackers@freebsd.org, security@freebsd.org, ache@freebsd.org
Subject: Re: No comment character in hosts.equiv
In-Reply-To: Your message of "Sun, 23 Jun 1996 23:29:30 MST." <10326.835597770@time.cdrom.com>
Date: Tue, 25 Jun 1996 09:55:12 +1000
From: Danny Smith
Sender: owner-hackers@freebsd.org

(Note the change of subject line!)

"Jordan K. Hubbard" writes:
> Hmmm. We have reason to believe that he *didn't* get root (though
> we're still assuming he did, just to be paranoid) and if the mod times
> can be trusted, hosts.equiv hasn't been touched in many months (and
> localhost is commented out).
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

There is no comment character in either the hosts.equiv file or the
.rhosts file.  Use of this may allow someone to spoof DNS and gain
trusted access.  Check out the code relating to calls to ruserok().

This is clearly detailed in the AUSCERT Unix Security Checklist which can
probably be obtained from a mirror site near you (access to the AUSCERT
ftp server has been temporarily restricted due to funding shortages).

Danny Smith.

==========================================================================
Danny Smith                     | Fax:   +61 7 3365 4477
AUSCERT                         | Phone: +61 7 3365 4417
c/- Prentice Centre             |        (answered during business hours)
The University of Queensland    |        (on call after hours for emergencies)
Qld.  4072.  Australia          | Internet: auscert@auscert.org.au
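
Added example, not part of the original message or of any FreeBSD or AUSCERT code: an audit for the mistake described above, listing every line of a hosts.equiv or .rhosts file where '#' text would be read as a live trust entry. It assumes each non-blank line is read as whitespace-separated "host [user]" fields with nothing skipped as a comment; the function names and the sample file are constructed for illustration.

```python
# Added example: audit hosts.equiv / .rhosts text for '#' lines that look
# like comments but, with no comment character, are live trust entries.
# Assumption: each non-blank line is read as whitespace-separated
# "host [user]" fields, and nothing is skipped as a comment.
from typing import List, NamedTuple, Optional


class Entry(NamedTuple):
    lineno: int
    host: str
    user: Optional[str]
    problem: Optional[str]  # None when the entry holds no '#' text


def parse_trust_file(text: str) -> List[Entry]:
    """Return every entry as a comment-less parser would see it."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split()
        if not fields:
            continue  # blank lines carry no entry
        host = fields[0]
        user = fields[1] if len(fields) > 1 else None
        problem = None
        if host.startswith("#"):
            problem = f"'{host}' is read as a host name, not a comment"
        elif user is not None and user.startswith("#"):
            problem = f"'{user}' is read as the user field of {host}"
        entries.append(Entry(lineno, host, user, problem))
    return entries


def audit(text: str) -> List[Entry]:
    """Only the entries an administrator should delete or rewrite."""
    return [e for e in parse_trust_file(text) if e.problem]


# Constructed sample file, not taken from any real host.
SAMPLE = """\
#localhost
trusted.example.org

# old build machine
gw.example.org   # temporary
"""

if __name__ == "__main__":
    for e in audit(SAMPLE):
        print(f"line {e.lineno}: {e.problem}")
```

Lines the audit reports should be deleted outright rather than left in place as "disabled" entries.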