rlogin over trusted hosts...

Sat Oct 15 10:50:37 AEST 1988

    I noticed a possible problem with the "rlogin" command. Typically
    the accounts such as "sys", "news", etc. cannot be logged into since
    their /etc/passwd entries have a "*" in the password field. But, over
    a network it is possible to login as "sys" or "news" etc. 
    The following sequence of commands provide the output shown and perform
    the operation of logging in as "sys":

    {the machine name say is mach_1 and the person logged on now is root}

    # su sys   
    $ whoami
      sys
    $ rlogin mach_2 -l sys
    $ hostname
      mach_2
    $ whoami
      sys 
    For this to work ofcourse, the /etc/hosts.equiv file must have the entry
    "mach_1". This allows someone with root priveleges on one machine to login
    to another machine even if he/she does not have a valid account on the
    other machine. The question remains as to what kind of implications this
    "feature" can have. Are there any potential problems that can be forseen??
    I have noticed this feature on some of the BSD derived UNIX versions.

    any takers??
   cheers
   rajan


--------------------------------------
Disclaimer: The above are my personal opinions, and in no way represent
the opinions of Intel Corporation.  In no way should the above be taken
to be a statement of Intel.
UUCP:{amdcad,decwrl,hplabs,oliveb,pur-ee,qantel}!intelca!mipos3!cadev4!rpartha
ARPA:rpartha%cadev4.intel.com at relay.cs.net
CSNET:rpartha%cadev4.intel.com