Re: rexec as root

2000-05-20 Thread Ronald G Minnich
On Fri, 12 May 2000, Nick Sayer wrote:
> I would like to gather some opinions in regards to _very slightly_
> backing off
> on rexec's security.
>
> rexec makes the following checks, and refuses to allow usage if any are
> true:
>
> uid == 0

I turned off this check at sarnoff six years

Re: rexec as root

2000-05-12 Thread Warner Losh
In message <[EMAIL PROTECTED]> Nick Sayer writes:
: Warner Losh wrote:
:
: > [...] In the absence of this
: > test, machines in a yp network would be extremely vulnerable to root
: > uid penetration when an intruder can hack the yp database, or spoof
: > replies.
:
: Ok. How about adding an rexe

Re: rexec as root

2000-05-12 Thread Nick Sayer
Warner Losh wrote:
> [...] In the absence of this
> test, machines in a yp network would be extremely vulnerable to root
> uid penetration when an intruder can hack the yp database, or spoof
> replies.

Ok. How about adding an rexecd command line flag to disable that test (with suitable warnings

Re: rexec as root

2000-05-12 Thread Warner Losh
In message <[EMAIL PROTECTED]> Nick Sayer writes:
: I put it to everyone that the first and third checks are equivalent and
: redundant.

They are not redundant. They provide a little (although not much) extra security for those sites that have had a root account added by intruders which the admi

Re: rexec as root

2000-05-12 Thread Poul-Henning Kamp
>What you say is correct, but personally I think deprecated really should
>mean deprecated. There are better alternatives to rexec (ssh - open or
>otherwise) and they ought to be pushed.

FreeBSD provides tools for people, we don't enforce our policy on them. I think the proposed change makes se

Re: rexec as root

2000-05-12 Thread Jan Grant
On Fri, 12 May 2000, Nick Sayer wrote:
> I would like to gather some opinions in regards to _very slightly_
> backing off
> on rexec's security.

Don't do it?

> rexec makes the following checks...

[ uid==0, password blank, uname in /etc/ftpusers ]

> I put it to everyone that the first and third

rexec as root

2000-05-12 Thread Nick Sayer
I would like to gather some opinions in regards to _very slightly_ backing off on rexec's security.

rexec makes the following checks, and refuses to allow usage if any are true:

uid == 0
password is blank
user is in /etc/ftpusers

I put it to everyone that the first and t