From owner-freebsd-hackers Tue Jun 25 05:40:39 1996
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id FAA21983 for hackers-outgoing; Tue, 25 Jun 1996 05:40:39 -0700 (PDT)
Received: from cheops.anu.edu.au (avalon@cheops.anu.edu.au [150.203.76.24]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id FAA21976 for ; Tue, 25 Jun 1996 05:40:36 -0700 (PDT)
Message-Id: <199606251240.FAA21976@freefall.freebsd.org>
Received: by cheops.anu.edu.au (1.37.109.16/16.2) id AA056606358; Tue, 25 Jun 1996 22:39:18 +1000
From: Darren Reed
Subject: Re: No comment character in hosts.equiv
To: joerg_wunsch@uriah.heep.sax.de
Date: Tue, 25 Jun 1996 22:39:18 +1000 (EST)
Cc: freebsd-hackers@FreeBSD.ORG, danny@auscert.org.au
In-Reply-To: <199606250802.KAA17967@uriah.heep.sax.de> from "J Wunsch" at Jun 25, 96 10:02:37 am
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Sender: owner-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

In some mail from J Wunsch, sie said:
>
> As Danny Smith wrote:
>
> > > Wrong.  FreeBSD has a comment char.
>
> > OK, I verified this on our 2.0.5 test system before mailing.  Looks like I
> > may have been hit by the "checking the previous version" problem.
>
> FreeBSD 2.0.5 shipped with commented-out entries in hosts.equiv and
> the sample .rhosts files that caused DNS lookup timeouts (since names
> starting with a hash mark were looked up).  After realizing this, the
> comment-character logic was brought in.
>
> Anyway, commented-out entries normally don't constitute a security
> hole (unless a potential intruder can manipulate DNS to get the wrong
> name as an alias for his host).

I'd warn against this: FreeBSD is thus different to most other OS's and
suggests security practices which are not safe in all circumstances.

I know some things are "nice" and yes, "let's be different", but for
Christ's sake, sometimes this just goes too far.
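
As an added illustration (not part of the original message, and not FreeBSD's parser), the following Python models a hosts.equiv reader with and without comment support and lists the lines whose meaning differs between the two. The function names, the whitespace-splitting rule and the sample file are assumptions made for the example.

```python
# Added example: a simplified model of hosts.equiv parsing, used to audit
# a file for lines that only some parsers treat as comments.
# Assumption: the host field is the first whitespace-delimited token.

# Constructed sample file (not taken from any real system).
SAMPLE = """\
# trusted build hosts
#oldhost.example.org
build1.example.org
    #retired.example.org admin
build2.example.org
"""


def _is_hash_entry(line):
    """True when the line's host field starts with a hash mark."""
    fields = line.split()
    return bool(fields) and fields[0].startswith("#")


def host_fields(text, honor_comments):
    """Host names a parser acts on, with or without comment support."""
    hosts = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue  # blank line
        if honor_comments and _is_hash_entry(line):
            continue  # comment-aware parser skips the line
        hosts.append(fields[0])  # otherwise the token is looked up as a name
    return hosts


def audit(text):
    """(line number, host field) pairs that a parser without comment
    support would resolve and compare against the connecting host."""
    return [(no, line.split()[0])
            for no, line in enumerate(text.splitlines(), 1)
            if _is_hash_entry(line)]


def portable(text):
    """Same file with hash-mark lines deleted, so both parsers agree."""
    keep = [line for line in text.splitlines() if not _is_hash_entry(line)]
    return "\n".join(keep) + "\n"


if __name__ == "__main__":
    for no, host in audit(SAMPLE):
        print(f"line {no}: {host!r} is a host entry without comment support")
```

Deleting an entry instead of commenting it out, as `portable()` does, gives the same trusted-host list whether or not the parser honors comments.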