ftp using .rhosts or rhsts.equiv

Doug McCallum dougm at ico.isc.com
Mon Dec 11 06:43:39 AEST 1989


   In article <Dec.8.16.10.03.1989.20166 at pilot.njin.net> drears at pilot.njin.net (Dennis G. Rears) writes:
   >  I thinking of changing the ftp servers on systems that I have
   >control over so that the behaviour mimics rlogin/rsh.
   >Is there any reason why I shouldn't do this?

   It seems like a reasonable thing, but there are a number of things you'll
   have to watch out for when you do it.

It isn't a safe thing to do for the reasons you outline below.

   For security, ftp should use a privileged port to connect to the daemon,
   and ftpd should check that the foreign port is privileged.  This prevents
   users from spoofing with "telnet <host> 20".

You don't even need telnet <host> 20, all you need is ftp and do the
login by hand.

   However, this means that you'll have to make ftp setuid root.  But much of
   the program probably assumes that it is running under the invoker's userid.
   It should change its effective userid to its real userid except when it is
   opening the port.

Non-UNIX systems don't have the priviledged port mechanism.  It would
be quite simple to spoof the FTP daemon even with the mechanism you
suggest.  It would be much better to add something like the Kerberos
authentication system and forget the priviledged port business.



More information about the Comp.unix.wizards mailing list