How safe is rlogin protocol ?
Jan Derriks
jand at maestro.htsa.aha.nl
Fri Mar 9 21:04:11 AEST 1990
> What About Those People
> Who Continue to Ask Stupid or Frequently Asked Questions
I suppose I'll be one of those now:
A student was so smart as to make a .rhosts file in uucppublic and thus
being able to work under uid=uucp.
Fixing this, my collegue said it's always possible to 'break in' a users
account by talking the right protocol to rlogind (if a .rhosts exists).
Just say your 'billy' and start a remote shell as user 'billy'.
Is it so easy ? How is the rlogin protocol protected against this ?
>
>Just send them a polite mail message, possibly referring them to this document.
>There is no need to flame them on the net - it's busy enough as it is.
>
Thanx.
--
Jan Derriks | AHA-TMF (H.T.S. 'Amsterdam'),
jand at maestro.htsa.aha.nl | Europaboulevard 23,
(or ..hp4nl!htsa!jand) | 1079 PC Amsterdam,
phone: +31 20423827 | the Netherlands.
More information about the Comp.unix.questions
mailing list