From owner-freebsd-security  Sun Jun  9 20:35:36 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id UAA15500
          for security-outgoing; Sun, 9 Jun 1996 20:35:36 -0700 (PDT)
Received: from post.io.org (post.io.org [198.133.36.6])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id UAA15475
          for <freebsd-security@freebsd.org>; Sun, 9 Jun 1996 20:35:32 -0700 (PDT)
Received: from zap.io.org (taob@zap.io.org [198.133.36.81]) by post.io.org (8.7.5/8.7.3) with SMTP id XAA18113 for <freebsd-security@freebsd.org>; Sun, 9 Jun 1996 23:34:30 -0400 (EDT)
Date: Sun, 9 Jun 1996 23:34:35 -0400 (EDT)
From: Brian Tao <taob@io.org>
To: FREEBSD-SECURITY-L <freebsd-security@freebsd.org>
Subject: Root rlogins despite /etc/ttys
Message-ID: <Pine.NEB.3.92.960609232835.23792F-100000@zap.io.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

    Could someone confirm this for me?  I noticed that I can rlogin as
root into a 2.2-960501-SNAP server providing that the .rhosts is setup
correctly.  The tty assigned to the login session is not marked as
secure in /etc/ttys.  Previously, the password prompt would appear
regardless, and root logins denied.
--
Brian Tao (BT300, taob@io.org, taob@ican.net)
Systems and Network Administrator, Internet Canada Corp.
"Though this be madness, yet there is method in't"