| Summary: | Root login is allowed from trusted hosts | | |
|---|---|---|---|
| Product: | Base System | Reporter: | Jim.Pirzyk <Jim.Pirzyk> |
| Component: | conf | Assignee: | freebsd-bugs (Nobody) <bugs> |
| Status: | Closed FIXED | | |
| Severity: | Affects Only Me | | |
| Priority: | Normal | | |
| Version: | 4.1-RELEASE | | |
| Hardware: | Any | | |
| OS: | Any | | |

Description
Jim.Pirzyk
2000-08-25 22:30:00 UTC
On Fri, 25 Aug 2000 14:28:32 MST, Jim.Pirzyk@disney.com wrote:
> Have host A and B. Be root on A and have A in B's /root/.rhosts
> file. Then rsh B and see if you get in.
Isn't that the whole point of /root/.rhosts? It sounds like you're
describing the intended use of the file.
What am I missing here? :-)
Ciao,
Sheldon.
On Mon, 28 Aug 2000, Sheldon Hearn wrote:
> On Fri, 25 Aug 2000 14:28:32 MST, Jim.Pirzyk@disney.com wrote:
>
> > Have host A and B. Be root on A and have A in B's /root/.rhosts
> > file. Then rsh B and see if you get in.
>
> Isn't that the whole point of /root/.rhosts? It sounds like you're
> describing the intended use of the file.
>
> What am I missing here? :-)
But in the ttys(5) man page, that should override the /root/.rhosts file
and it does in FBSD-3.4R (that I can test it on). The /root/.rhosts allows
stuff like rsh B date but without the 'secure' line in the ttys file,
rlogin B should not work. Yes it is a very subtle differentiation.
Thanks - JimP
>
> Ciao,
> Sheldon.
--
--- @(#) $Id: dot.signature,v 1.9 2000/07/10 16:43:05 pirzyk Exp $
__o Jim.Pirzyk@disney.com -------------------------------------
_'\<,_ Senior Systems Engineer, Walt Disney Feature Animation
(*)/ (*)
On Mon, 28 Aug 2000 08:36:39 MST, Jim Pirzyk wrote:
> But in the ttys(5) man page, that should override the /root/.rhosts file
> and it does in FBSD-3.4R (that I can test it on).
Can you quote the part of the ttys(5) manual page that suggests that
terminals which are not marked "secure" in /etc/ttys will not work with
rsh root logins? I'm not disagreeing with you, I'd just like to be
convinced.
Specifically, I can't find anything in the rsh(1) and rshd(8) manual
pages to support what you're saying.
Ciao,
Sheldon.
On Mon, 28 Aug 2000 08:50:07 MST, Jim Pirzyk wrote:
> The 6th paragraph in the DESCRIPTION section of the man page.
>
> As flag values, the strings ``on'' and ``off'' specify that init(8)
> should (should not) execute the command given in the second field, while
> ``secure'' (if ``on'' is also specified) allows users with a uid of 0 to
> login on this line. The flag ``dialin'' indicates that a tty entry de-
> scribes a dialin line, and ``network'' indicates that a tty entry pro-
> vides a network connection. Either of these strings may also be speci-
> fied in the terminal type field. The string ``window='' may be followed
> by a quoted command string which init(8) will execute before starting the
> command specified by the second field.
One of us doesn't understand what ttys(5) is for. :-)
I think this is a non-issue and that you haven't understood how ttys(5)
works, or how the r-utils work. However, since I'm aware that I'm not
an expert in this area, I'll leave the PR open for a second opinion.
:-)
Ciao,
Sheldon.
On Mon, 28 Aug 2000 09:01:11 MST, Jim Pirzyk wrote:
> But the main point is that the functionality has changed from 3.4R to
> 4.1R (but I cannot narrow it down more than that).
>
> But thanks for looking into it.
Right. That I missed. :-)
I wish I had a RELENG_3 box to test this on.
Ciao,
Sheldon.
State Changed From-To: open->closed
We've already established that the behaviour observed in 4.x is as expected. The behaviour that the originator claims to have seen in 3.x can't be reproduced on a 3.4-STABLE-20000510 box.
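
As an added illustration (not part of the original PR thread and not FreeBSD's own code), this Python example parses ttys(5)-style lines and lists those carrying both ``on'' and ``secure'', the combination the man page paragraph quoted above says allows uid 0 logins, and separately names the ones that are network lines. The sample entries are constructed and the function names are hypothetical.

```python
import shlex

# Constructed sample in ttys(5) layout: name, command, type, flags.
SAMPLE_TTYS = """\
# name  command                         type     flags
console none                            unknown  off secure
ttyv0   "/usr/libexec/getty Pc"         cons25   on secure
ttyv1   "/usr/libexec/getty Pc"         cons25   on
ttyd0   "/usr/libexec/getty std.9600"   dialup   off secure
ttyp0   none                            network
ttyp1   none                            network  on secure  # constructed: root-capable pty
"""


def parse_ttys(text):
    """Parse ttys(5)-style text into dicts; '#' comments and blanks are skipped."""
    entries = []
    for raw in text.splitlines():
        fields = shlex.split(raw, comments=True)  # honours the quoted command field
        if len(fields) < 2:
            continue
        ttype = fields[2] if len(fields) > 2 else ""
        flags = set(fields[3:])
        # Per the quoted paragraph, dialin/network may sit in the type field.
        if ttype in ("dialin", "network"):
            flags.add(ttype)
        entries.append({"name": fields[0], "command": fields[1],
                        "type": ttype, "flags": flags})
    return entries


def allows_root(entry):
    """True when the line carries both 'on' and 'secure' (uid 0 may log in)."""
    return {"on", "secure"} <= entry["flags"]


def audit(text):
    """Return (all root-capable line names, the subset that are network lines)."""
    root_ok = [e for e in parse_ttys(text) if allows_root(e)]
    network = [e["name"] for e in root_ok if "network" in e["flags"]]
    return [e["name"] for e in root_ok], network


if __name__ == "__main__":
    root_lines, network_lines = audit(SAMPLE_TTYS)
    print("uid 0 may log in on:", ", ".join(root_lines))
    print("of which network lines:", ", ".join(network_lines) or "none")
```

To check a real host, pass the contents of its /etc/ttys to `audit()` in place of the constructed sample.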