Date: Sat, 15 Sep 2001 07:20:22 -0700 (PDT)
From: Gavin Atkinson <ga105@york.ac.uk>
To: freebsd-gnats-submit@FreeBSD.org
Subject: misc/30590: /etc/hosts.equiv and ~/.rhosts interaction violates POLA?
Message-ID: <200109151420.f8FEKMc89083@freefall.freebsd.org>
>Number:         30590
>Category:       misc
>Synopsis:       /etc/hosts.equiv and ~/.rhosts interaction violates POLA?
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Sep 15 07:30:01 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     Gavin Atkinson
>Release:        4.4-RC5
>Organization:
URY
>Environment:
FreeBSD ury3.york.ac.uk 4.4-RC FreeBSD 4.4-RC #3: Fri Sep 14 22:17:55 BST 2001 root@ury3.york.ac.uk:/usr/obj/usr/src/sys/GENERIC i386
>Description:
A user can override a system-wide 'disallow' entry in /etc/hosts.equiv by allowing it in his .rhosts. Similarly, a user cannot override a system-wide 'allow' entry in /etc/hosts.equiv by disallowing it in his .rhosts.

Therefore the sysadmin of a system cannot easily prevent rlogins from another system. This would seem to be a useful thing, for example if the remote system has been compromised. Also, if a user cares more for his account's security than the sysadmin, he can't disable rlogins.

I believe a 'disallow' entry in either file should not be overridable.

This seems to have existed throughout the 4.x series.
>How-To-Repeat:
Add the following to hosts.equiv:

    -foo.bar.com

A user can override this global disallow by adding the following to his .rhosts file:

    +foo.bar.com

Similarly, the following in hosts.equiv:

    +bar.foo.com

cannot be overridden by adding the following to a user's .rhosts file:

    -bar.foo.com

(Both tested with rlogin on 4.1-R, 4.3-R and 4.4-RC5.)
>Fix:
Seems pretty difficult to fix nicely without a major re-write of __ivaliduser_sa, iruserok_sa and related functions in /usr/src/lib/libc/net/rcmd.c.
>Release-Note:
>Audit-Trail:
>Unformatted:
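The following is an added model, not code from the PR or from FreeBSD's libc, of the two evaluation orders at issue: the behaviour the report describes (hosts.equiv consulted first and, when it does not grant access, ~/.rhosts consulted next, so a '-' in the system file never becomes final) beside the rule the submitter proposes (a '-' in either file is final). It is a simplified policy model: only the host field of each entry is considered, netgroup and user-field forms are ignored, and the two sample files are constructed from the How-To-Repeat entries above.

```python
"""Model of hosts.equiv / ~/.rhosts precedence (added example, not libc code).

Simplifying assumptions: only the host field of each line is matched,
'+@netgroup' / '-@netgroup' forms and the optional user field are ignored,
and matching is a case-insensitive exact host-name comparison.
"""
from typing import Iterable, List

ALLOW, DENY, NO_MATCH = "allow", "deny", "no_match"


def evaluate_file(lines: Iterable[str], rhost: str) -> str:
    """Verdict of one hosts.equiv-style file for remote host `rhost`.

    '+' alone allows any host; '+host' or 'host' allows that host;
    '-host' denies it.  Lines are read in order and the first line that
    matches decides; no matching line yields NO_MATCH.
    """
    for raw in lines:
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        entry = line.split()[0]               # host field only (assumption)
        if entry == "+":
            return ALLOW
        if entry.startswith("-"):
            if entry[1:].lower() == rhost.lower():
                return DENY
        elif entry.lstrip("+").lower() == rhost.lower():
            return ALLOW
    return NO_MATCH


def reported_behaviour(hosts_equiv: List[str], rhosts: List[str], rhost: str) -> bool:
    """Evaluation order the PR describes.

    hosts.equiv is consulted first and access is granted if it ALLOWs.
    On DENY or NO_MATCH the user's .rhosts is consulted, so a '+' there
    overrides a system-wide '-', while a '-' there can never override a
    system-wide '+'.
    """
    if evaluate_file(hosts_equiv, rhost) == ALLOW:
        return True
    return evaluate_file(rhosts, rhost) == ALLOW


def deny_wins(hosts_equiv: List[str], rhosts: List[str], rhost: str) -> bool:
    """Rule the PR proposes: a '-' entry in either file is not overridable."""
    verdicts = (evaluate_file(hosts_equiv, rhost), evaluate_file(rhosts, rhost))
    if DENY in verdicts:
        return False
    return ALLOW in verdicts


# Constructed sample files, taken from the PR's How-To-Repeat entries.
HOSTS_EQUIV = ["-foo.bar.com", "+bar.foo.com"]
RHOSTS = ["+foo.bar.com", "-bar.foo.com"]


if __name__ == "__main__":
    for host in ("foo.bar.com", "bar.foo.com"):
        print(host,
              "reported:", reported_behaviour(HOSTS_EQUIV, RHOSTS, host),
              "deny-wins:", deny_wins(HOSTS_EQUIV, RHOSTS, host))
```

Running it shows both cases from the report: with `reported_behaviour` foo.bar.com is admitted despite the administrator's '-' and bar.foo.com is admitted despite the user's '-', whereas `deny_wins` refuses both, which is the outcome the submitter argues for.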