From owner-freebsd-hackers  Mon Jun 24 23:36:50 1996
Return-Path: owner-hackers
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id XAA20572
          for hackers-outgoing; Mon, 24 Jun 1996 23:36:50 -0700 (PDT)
Received: from gvr.win.tue.nl (root@gvr.win.tue.nl [131.155.210.19])
          by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id XAA20552;
          Mon, 24 Jun 1996 23:36:44 -0700 (PDT)
Received: by gvr.win.tue.nl (8.6.12/1.53)
    id IAA18992; Tue, 25 Jun 1996 08:36:17 +0200
From: guido@gvr.win.tue.nl (Guido van Rooij)
Message-Id: <199606250636.IAA18992@gvr.win.tue.nl>
Subject: Re: No comment character in hosts.equiv
To: danny@auscert.org.au (Danny Smith)
Date: Tue, 25 Jun 1996 08:36:16 +0200 (MET DST)
Cc: jkh@time.cdrom.com, hackers@freebsd.org, security@freebsd.org,
        ache@freebsd.org
In-Reply-To: <199606242355.JAA29733@amethyst.auscert.org.au> from Danny Smith at "Jun 25, 96 09:55:12 am"
X-Mailer: ELM [version 2.4ME+ PL17 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Danny Smith wrote:
-- Start of PGP encoded section.
> (Note the change of subject line!)
> 
> "Jordan K. Hubbard" writes:
> 
> > Hmmm.  We have reason to believe that he *didn't* get root (though
> > we're still assuming he did, just to be paranoid) and if the mod times
> > can be trusted, hosts.equiv hasn't been touched in many months (and
> > localhost is commented out).
>   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> 
> There is no comment character in either the hosts.equiv file or the
> .rhosts file.  Use of this may allow someone to spoof DNS and gained
> trusted access.
> 
> Check out the code relating to calls to ruserok().

Wrong. FreeBSD has a comment char. Put in before the release of 2.1.0.
Look in usr/src/lib/libc/net/rcmd.c in __ivaliduser.

-Guido