"on" command
Matt Landau
mlandau at diamond.bbn.com
Tue Nov 14 02:56:07 AEST 1989
The basic problem is that rexd is too trusting about who a request is
coming from, making it trivial to masquerade as any host and (non-root)
user and execute remote commands on any machine that runs rexd. I don't
want to provide any more details in a public forum, since there are
already too many people who know about this :-)

We fixed the problem by modifying the rexd sources so they get the host
name corresponding to the IP address of the incoming request and make sure
it's in /etc/hosts.equiv before agreeing to process the request. This
makes on exactly as (in)secure as rsh/rlogin, which seems to be good
enough for most people's purposes.
Matt Landau Rebel without a clue.
mlandau at bbn.com
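
The check described in the post above (map the request's source address to a host name, then require that name in /etc/hosts.equiv), written out as an added example. It is not the modified rexd source; the function names, the fail-closed treatment of "+" and "host user" lines, and the sample file contents are assumptions made here.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* expose getnameinfo() under strict -std */
#endif
#include <stdio.h>
#include <string.h>
#include <strings.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>

/* 1 if `host` has its own allow line in hosts.equiv-format `text`; first match
 * wins. Fails closed: "+" wildcards, netgroups and "host user" lines grant nothing. */
int host_is_trusted(const char *host, const char *text)
{
    char line[512], name[256], extra[256];
    while (*text) {
        size_t n = strcspn(text, "\n");
        snprintf(line, sizeof line, "%.*s", (int)n, text);  /* copy one line */
        text += n + (text[n] == '\n');
        line[strcspn(line, "#")] = '\0';          /* strip comments */
        if (sscanf(line, "%255s %255s", name, extra) != 1)
            continue;                             /* blank line or user field */
        if (name[0] == '-' && strcasecmp(name + 1, host) == 0)
            return 0;                             /* explicit deny */
        if (name[0] != '+' && name[0] != '-' && strcasecmp(name, host) == 0)
            return 1;
    }
    return 0;
}

/* Reverse-resolve the peer of an accepted connection, then apply the check.
 * NI_NAMEREQD makes the lookup fail when the address has no name. */
int peer_is_trusted(const struct sockaddr_in *peer, const char *equiv_text)
{
    char host[1025];
    if (getnameinfo((const struct sockaddr *)peer, sizeof *peer,
                    host, sizeof host, NULL, 0, NI_NAMEREQD) != 0)
        return 0;                                 /* no name: refuse */
    return host_is_trusted(host, equiv_text);
}

static const char SAMPLE_EQUIV[] =  /* constructed sample, not a real file */
    "alpha.example.com   # constructed entry\n-beta.example.com\n"
    "beta.example.com\ngamma.example.com operator\n+\n";

int main(void)
{
    printf("alpha: %d\n", host_is_trusted("alpha.example.com", SAMPLE_EQUIV));
    return 0;
}
```

The name returned by a reverse lookup is supplied by whoever controls that address's reverse zone, so deployed checks of this kind usually also confirm that the name resolves forward to the same address; the example leaves that step out.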