From: guido@gvr.win.tue.nl (Guido van Rooij)
Message-Id: <199606100925.LAA10677@gvr.win.tue.nl>
Subject: Re: Root rlogins despite /etc/ttys
To: taob@io.org (Brian Tao)
Date: Mon, 10 Jun 1996 11:25:39 +0200 (MET DST)
Cc: freebsd-security@freebsd.org, peter@freebsd.org
In-Reply-To: from Brian Tao at "Jun 9, 96 11:34:35 pm"

Brian Tao wrote:
>     Could someone confirm this for me?  I noticed that I can rlogin as
> root into a 2.2-960501-SNAP server providing that the .rhosts is set up
> correctly.  The tty assigned to the login session is not marked as
> secure in /etc/ttys.  Previously, the password prompt would appear
> regardless, and root logins denied.

I think this is caused by this commit:

revision 1.6
date: 1995/11/20 23:25:35;  author: peter;  state: Exp;  lines: +2 -3
Stop rlogind from bogusly ignoring an explicit .rhosts file for root.
It still correctly ignores hosts.equiv.  This is now consistent with rshd.

I'll include the author in the Cc: and let him comment about this.
I agree that at least the tty needs to be checked on its security in the
ttys file.

-Guido
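An added example, not part of the original message or of FreeBSD's code: an audit for the situation discussed in this thread, where root's .rhosts grants trust while the network ptys in /etc/ttys are not marked secure. The sample file contents are constructed, and the function names and the "ttyp" prefix used to pick out network ptys are assumptions of this sketch.

```python
import shlex

# Constructed sample inputs (not taken from any real host).
SAMPLE_TTYS = '''\
# name  getty                           type    status
console none                            unknown off secure
ttyv0   "/usr/libexec/getty Pc"         cons25  on  secure
ttyd0   "/usr/libexec/getty std.9600"   dialup  off
ttyp0   none                            network
ttyp1   none                            network secure
'''
SAMPLE_RHOSTS = '''\
# trusted admin host
adminhost.example.org root
+ +
'''

def insecure_ttys(ttys_text):
    """Names of /etc/ttys entries that do not carry the 'secure' flag."""
    names = []
    for line in ttys_text.splitlines():
        fields = shlex.split(line, comments=True)  # handles quoted getty command
        if len(fields) >= 3 and "secure" not in fields[3:]:
            names.append(fields[0])
    return names

def rhosts_entries(rhosts_text):
    """(host, user) pairs from a .rhosts file; user is None when omitted."""
    entries = []
    for line in rhosts_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if parts:
            entries.append((parts[0], parts[1] if len(parts) > 1 else None))
    return entries

def audit(ttys_text, root_rhosts_text):
    """Findings for the case in this thread: root .rhosts trust vs. insecure ttys."""
    findings = []
    entries = rhosts_entries(root_rhosts_text)
    # Assumption: network ptys are the entries whose names start with "ttyp".
    ptys = [t for t in insecure_ttys(ttys_text) if t.startswith("ttyp")]
    if entries and ptys:
        findings.append("root .rhosts has %d entries; %d network ptys are not "
                        "marked secure" % (len(entries), len(ptys)))
    for host, user in entries:
        if "+" in (host, user):
            findings.append("wildcard entry in root .rhosts: %s %s" % (host, user))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_TTYS, SAMPLE_RHOSTS):
        print(finding)
```

On a live system, pass the contents of /etc/ttys and of the .rhosts file in root's home directory to audit().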