.rhosts and security
Gary Barnette
gbarnet at uswnvg.UUCP
Wed Jun 26 03:20:55 AEST 1991
I would like to know how some sites handle the incredible
security hole opened up when a system crashes or a system
is down for scheduled maintenance.

A PC with the rsh command or a workstation can change their
IP address and reboot, effectively masquerading as the downed
multi-user machine. It can then perform rlogin's or rsh's as
ROOT (or another user) to any other multi-user unix system
that has the downed system in their .rhosts file.

I know that this is not a new problem and the removal of the
.rhosts files would prevent it, but as an administrator I don't
know if I want to be a victim of my own policy.

Would Kerberos cure this security illness?

Thanks to all that contribute,
Gary Barnette
US West NewVector
{uunet, sequent}!uswnvg!gbarnet
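
An added example, not part of the original post: a small audit that lists which remote hosts and users each .rhosts file trusts, so an administrator can see what is exposed if a trusted host's address is taken over while that host is down. It assumes the usual "host [user]" line format with "+" as a wildcard; the function names, host names and sample files are constructed for illustration.

```shell
#!/bin/sh
# audit_rhosts FILE OWNER
# Prints one line per trust entry: SEVERITY OWNER HOST REMOTE_USER
# Assumed format: "host [user]" per line, "+" is a wildcard in either field,
# blank lines and lines starting with "#" are ignored.
audit_rhosts() {
    awk -v owner="$2" '
        NF == 0 || $1 ~ /^#/ { next }
        {
            host = $1
            # With no user field, the same-named user on the remote host is trusted.
            user = (NF >= 2) ? $2 : owner
            sev = "INFO"
            if (owner == "root") sev = "HIGH"                  # password-less remote root
            if (host == "+" || user == "+") sev = "CRITICAL"   # any host or any user
            print sev, owner, host, user
        }' "$1"
}

# trusted_by HOST FILE OWNER
# Prints the entries that grant access to whoever answers as HOST,
# i.e. the exposure while HOST is down and its address can be claimed.
trusted_by() {
    audit_rhosts "$2" "$3" | awk -v h="$1" '$3 == h || $3 == "+"'
}

# Constructed sample input: two .rhosts files written to a scratch directory.
tmp=$(mktemp -d)
printf '%s\n' '# constructed sample' 'bigvax' 'pc17 operator' > "$tmp/root.rhosts"
printf '%s\n' '+ +' 'lab3' > "$tmp/guest.rhosts"

echo "All trust entries:"
audit_rhosts "$tmp/root.rhosts" root
audit_rhosts "$tmp/guest.rhosts" guest

echo "Exposed if bigvax goes down:"
trusted_by bigvax "$tmp/root.rhosts" root
trusted_by bigvax "$tmp/guest.rhosts" guest

rm -rf "$tmp"
```

On a real system the same functions can be run over each home directory's .rhosts and over /etc/hosts.equiv, passing the account name as OWNER.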