From owner-freebsd-questions  Fri Nov  1 10:34:44 1996
Return-Path: owner-questions
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id KAA13953
          for questions-outgoing; Fri, 1 Nov 1996 10:34:44 -0800 (PST)
Received: from seabass.progroup.com (catfish.progroup.com [206.24.122.2])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id KAA13932
          for <questions@FreeBSD.ORG>; Fri, 1 Nov 1996 10:34:37 -0800 (PST)
Received: (from craig@localhost) by seabass.progroup.com (8.7.5/8.6.12) id KAA29070 for questions@FreeBSD.ORG; Fri, 1 Nov 1996 10:32:49 -0800 (PST)
Message-Id: <199611011832.KAA29070@seabass.progroup.com>
Subject: Re: rcp by root
To: questions@FreeBSD.ORG
Date: Fri, 1 Nov 1996 10:32:49 -0800 (PST)
From: "Craig Shaver" <craig@ProGroup.COM>
In-Reply-To: <Pine.BSI.3.94.961029233141.369t-100000@gdi.uoregon.edu> from "Doug White" at Oct 29, 96 11:32:37 pm
X-Mailer: ELM [version 2.4 PL25 ME8b]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-questions@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

> 
> On Mon, 28 Oct 1996, Mike Salmons wrote:
> 
> > I can't setup my system to allow root to rcp from another freebsd system, it
> > works ok as a user. I have a /.rhosts and a /etc/hosts.equiv file with the
> > remote system listed. What else am I missing?
> 
> This is probably a huge security violation since anyone with the root
> password now has root access your computer too (using rsh & the other
> r-utilities). 
> 
> Doug White                              | University of Oregon  
> Internet:  dwhite@resnet.uoregon.edu    | Residence Networking Assistant
> http://gladstone.uoregon.edu/~dwhite    | Computer Science Major
> 
> 

I set up .rhosts in the /root directory and qualified it by the full 
host name.  I will take it out now, and only put it in when I
need to do backups to a remote tape.  However, not just anyone with
root can access this.  I tried from another machine on the internet
where I have root access.  I got a message to the effect that root
login was denied on that terminal.   I think You would have to spoof 
the fully qualified domain name to make it work.  How hard is it 
to do that?

-- 
Craig Shaver  (craig@progroup.com) (415)390-0654 
Productivity Group POB 60458 Sunnyvale, CA  94088