From owner-freebsd-bugs Fri Aug 25 14:30: 7 2000
Delivered-To: freebsd-bugs@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 934E737B43E for ; Fri, 25 Aug 2000 14:30:00 -0700 (PDT)
Received: (from gnats@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id OAA16426; Fri, 25 Aug 2000 14:30:00 -0700 (PDT) (envelope-from gnats@FreeBSD.org)
Received: from mail11.disney.com (mail11.disney.com [208.246.35.55]) by hub.freebsd.org (Postfix) with ESMTP id EBA1937B43F for ; Fri, 25 Aug 2000 14:28:35 -0700 (PDT)
Received: from pain.corp.disney.com (pain.corp.disney.com [153.7.231.100]) by mail11.disney.com (Switch-2.0.1/Switch-2.0.1) with SMTP id e7PLd3114662 for ; Fri, 25 Aug 2000 14:39:04 -0700 (PDT)
Received: from louie.fa.disney.com by pain.corp.disney.com with ESMTP for FreeBSD-gnats-submit@freebsd.org; Fri, 25 Aug 2000 14:28:59 -0700
Received: from plio.fan.fa.disney.com (plio.fan.fa.disney.com [153.7.118.2]) by louie.fa.disney.com (8.9.2/8.9.2) with ESMTP id OAA26485 for ; Fri, 25 Aug 2000 14:28:30 -0700 (PDT) (envelope-from pirzyk@fa.disney.com)
Received: from snoopy.fan.fa.disney.com (snoopy.fan.fa.disney.com [172.30.228.110]) by plio.fan.fa.disney.com (8.9.2/8.9.2) with ESMTP id OAA16470 for ; Fri, 25 Aug 2000 14:28:29 -0700 (PDT) (envelope-from pirzyk@fa.disney.com)
Received: (from pirzyk@localhost) by snoopy.fan.fa.disney.com (8.9.3/8.9.3) id OAA84574; Fri, 25 Aug 2000 14:28:32 -0700 (PDT) (envelope-from pirzyk@fa.disney.com)
Message-Id: <200008252128.OAA84574@snoopy.fan.fa.disney.com>
Date: Fri, 25 Aug 2000 14:28:32 -0700 (PDT)
From: Jim.Pirzyk@disney.com
Reply-To: Jim.Pirzyk@disney.com
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: conf/20847: root login from trusted hosts
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number:         20847
>Category:       conf
>Synopsis:       Root login is allowed from trusted hosts
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Aug 25 14:30:00 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     Jim Pirzyk
>Release:        FreeBSD 4.1-RELEASE i386
>Organization:
>Environment:
Having machines in a netgroup file that are trusted between each other as root in the /root/.rhosts file.
>Description:
Can rsh to a remote FreeBSD host as root if the /root/.rhosts file exists with the local host in it. This is regardless of what the /etc/ttys file has in it (no secure entry on any of the networked ttys). The /etc/login.access file is the default file with everything commented out.
>How-To-Repeat:
Have host A and B. Be root on A and have A in B's /root/.rhosts file. Then rsh B and see if you get in.
>Fix:
Have this line in /etc/login.access:

-:root:ALL EXCEPT ttyv0 ttyv1 ttyv2 ttyv3 ttyv4 ttyv5 ttyv6 ttyv7 ttyv8

This should be set up in the default system and the 'secure' option should be taken out of the /etc/ttys file as well as the ttys man page since it does not apply anymore.
>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message