ftp using .rhosts or hosts.equiv

barmar at Think.COM
Sat Dec 9 15:22:47 AEST 1989


In article <Dec.8.16.10.03.1989.20166 at pilot.njin.net> drears at pilot.njin.net (Dennis G. Rears) writes:
>  I am thinking of changing the ftp servers on systems that I have
>control over so that the behaviour mimics rlogin/rsh.
>Is there any reason why I shouldn't do this?

It seems like a reasonable thing, but there are a number of things you'll
have to watch out for when you do it.

For security, ftp should use a privileged port to connect to the daemon,
and ftpd should check that the foreign port is privileged.  This prevents
users from spoofing with "telnet <host> 20".

However, this means that you'll have to make ftp setuid root.  But much of
the program probably assumes that it is running under the invoker's userid.
It should change its effective userid to its real userid except when it is
opening the port.

Barry Margolin, Thinking Machines Corp.

barmar at think.com
{uunet,harvard}!think!barmar
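
Added example, not part of the original post: a C sketch of the two checks described in the reply above, the daemon-side test that the peer's source port is privileged and the client-side bracket that raises the effective uid only around the bind. The function names are hypothetical, `seteuid()` is assumed as the privilege-switching call, and the 512-1023 search range follows the `rresvport()` convention.

```c
#include <errno.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Server side (ftpd): honour host-based trust only when the peer's source
 * port is reserved, i.e. only root on the client host could have bound it. */
int peer_port_is_privileged(const struct sockaddr_in *peer)
{
    unsigned port = ntohs(peer->sin_port);
    return peer->sin_family == AF_INET && port > 0 && port < IPPORT_RESERVED;
}

/* Client side (setuid-root ftp): become root only while binding a reserved
 * local port, then return to the invoker's uid. Returns the bound socket,
 * or -1 if no reserved port could be obtained (including when not setuid). */
int bind_reserved_port_as_root(void)
{
    uid_t invoker = getuid();
    struct sockaddr_in local;
    int fd, port, bound = 0;

    fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    memset(&local, 0, sizeof local);
    local.sin_family = AF_INET;
    local.sin_addr.s_addr = htonl(INADDR_ANY);

    if (seteuid(0) == 0) {              /* raise: needs saved set-uid root */
        for (port = IPPORT_RESERVED - 1; port >= IPPORT_RESERVED / 2; port--) {
            local.sin_port = htons((unsigned short)port);
            if (bind(fd, (struct sockaddr *)&local, sizeof local) == 0) {
                bound = 1;
                break;
            }
            if (errno != EADDRINUSE)    /* any other error: stop searching */
                break;
        }
        if (seteuid(invoker) != 0)      /* a failed drop must be fatal */
            _exit(1);
    }
    if (!bound) {
        close(fd);
        return -1;
    }
    return fd;
}
```

Everything outside `bind_reserved_port_as_root()` then runs with the invoker's effective uid, which is what the rest of the ftp client already assumes.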
