Here is a more complete excerpt from the book in question,
Mastering FreeBSD and OpenBSD Security, section 2.1.3.1. Candidates
for system immutable:
It's sometimes also useful to create "blocker" files that are
immutable to prevent file-creation exploits from creating holes.
Imagine a file-creation exploit that creates a ~root/.rhosts file
containing +. Your rsh/rlogin daemons (that for some crazy reason
you didn't disable yet) will now permit root logins from any system
with no password (see rhosts(5) for more information). If you
create the file, make it empty, and then make it immutable, you
protect yourself from an attack like this. There is an equivalent
~root/.shosts file that is used by ssh; it could also be blocked
this way.
I think they mean a hypothetical situation in which someone had
enabled those services. OpenBSD strives to be "secure by default", a
point covered in other chapters of the book.
Elio Grieco
On Nov 18, 2006, at 7:58 AM, Maverick wrote:
Hi
I am trying to secure my OpenBSD.
I am quite new to OpenBSD so I am reading the book "Mastering
FreeBSD and OpenBSD Security".
It said "Your rsh/rlogin daemons (that for some crazy reason you
didn't disable yet) will now permit root logins from any system
with no password".
Does that mean I should disable rsh? Or disable rlogin?
If it is one of them, can you please tell me how I can do it?
Thanks a lot
Best regards
Maverick
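
The blocker-file technique from the book excerpt above, as an added example that is not part of the original thread or the book: it audits a trust file for a bare "+" entry, refuses to truncate a file that has content, and otherwise creates it empty and sets the system-immutable flag. The function names, the --apply switch and the 0600 mode are assumptions of this example; chflags schg exists on the BSDs only.

```sh
#!/bin/sh
# Added example: audit rhosts-style trust files and install empty blocker files.
# chflags(1) and the schg (system immutable) flag are BSD-specific; on other
# systems the file is still created empty, just not made immutable.

# audit_trust_file FILE: print absent, empty, wildcard or entries.
audit_trust_file() {
    if [ ! -e "$1" ]; then echo absent; return 0; fi
    if [ ! -s "$1" ]; then echo empty; return 0; fi
    # A bare "+" in the host or user field trusts everyone (see rhosts(5)).
    if grep -Eq '^[[:space:]]*\+([[:space:]]|$)|^[^#[:space:]]+[[:space:]]+\+[[:space:]]*$' "$1"; then
        echo wildcard
    else
        echo entries
    fi
}

# is_schg FILE: true if the BSD flags column of "ls -lo" lists schg.
is_schg() {
    ls -lo "$1" 2>/dev/null | awk '{ print $5 }' | grep -q schg
}

# install_blocker FILE: never truncate existing content; create the file empty,
# restrict its mode (0600 is this example's choice), then set schg if possible.
install_blocker() {
    state=$(audit_trust_file "$1")
    case $state in
        wildcard|entries)
            echo "refusing: $1 has content ($state), review it first" >&2
            return 1 ;;
    esac
    if command -v chflags >/dev/null 2>&1 && is_schg "$1"; then return 0; fi
    if [ "$state" = absent ]; then : > "$1" || return 1; fi
    chmod 0600 "$1" || return 1
    if command -v chflags >/dev/null 2>&1; then
        chflags schg "$1"
    else
        echo "note: no chflags here, $1 is empty but not immutable" >&2
    fi
}

# Usage (as root): sh blocker.sh --apply
if [ "${1:-}" = "--apply" ]; then
    for f in ~root/.rhosts ~root/.shosts; do
        install_blocker "$f" && echo "$f: $(audit_trust_file "$f")"
    done
fi
```

A "refusing" message means the file already holds entries and should be read before anything is changed; the script leaves it untouched.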