Bug 30590 - /etc/hosts.equiv and ~/.rhosts interaction violates POLA?
Status: Open
Alias: None
Product: Base System
Classification: Unclassified
Component: conf
Version: unspecified
Hardware: Any Any
Importance: Normal Affects Only Me
Assignee: freebsd-bugs mailing list
Reported: 2001-09-15 15:30 UTC by Gavin Atkinson
Modified: 2017-12-31 22:36 UTC (History)

Description Gavin Atkinson 2001-09-15 15:30:01 UTC
A user can override a system-wide 'disallow' entry in /etc/hosts.equiv by allowing it in his .rhosts.
Similarly, users cannot override system-wide 'allow' entries in /etc/hosts.equiv by disallowing it in his .rhosts.

Therefore the sysadmin of a system cannot easily prevent rlogins from another system. This would seem to be a useful thing, for example if the remote system has been compromised.
Also, if a user cares more for his account's security than the sysadmin, he can't disable rlogins.

I believe a 'disallow' entry in either file should not be overridable.

This seems to have existed throughout the 4.x series.

Fix: 

Seems pretty difficult to fix nicely without a major re-write of __ivaliduser_sa, iruserok_sa and related functions in /usr/src/lib/libc/net/rcmd.c.

How-To-Repeat: Add the following to hosts.equiv:
-foo.bar.com

A user can override this global disallow by adding the following to his .rhosts file:
+foo.bar.com

Similarly, the following in hosts.equiv:
+bar.foo.com

cannot be overridden by adding the following to a user's .rhosts file:
-bar.foo.com

(both tested with rlogin on 4.1-R, 4.3-R and 4.4-RC5)
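
Added example (not part of the original report and not code from rcmd.c): a small Python model of the interaction described above, next to the "disallow in either file is final" policy the report proposes, plus an audit helper that lists hosts.equiv denies a .rhosts file overrides. It assumes host-only entries and that the first matching line in a file wins; all function names are hypothetical.

```python
# Added model of the interaction described in this report; not code from rcmd.c.
# Simplified: host-only entries, first matching line in a file wins.
SAMPLE_EQUIV = "-foo.bar.com\n+bar.foo.com\n"    # entries from How-To-Repeat
SAMPLE_RHOSTS = "+foo.bar.com\n-bar.foo.com\n"   # entries from How-To-Repeat

def parse(text):
    """Return [(allow, host)] for each '+host', '-host' or 'host' line."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        token = line.split()[0]
        host = token.lstrip("+-").lower()
        if host:
            entries.append((not token.startswith("-"), host))
    return entries

def first_match(entries, host):
    """True (allow) or False (deny) from the first entry naming host, else None."""
    for allow, name in entries:
        if name == host.lower():
            return allow
    return None

def reported_behaviour(equiv, rhosts, host):
    """As reported: only an allow in hosts.equiv is final; otherwise .rhosts decides."""
    if first_match(equiv, host) is True:
        return True
    return first_match(rhosts, host) is True

def proposed_policy(equiv, rhosts, host):
    """Reporter's proposal: a disallow in either file cannot be overridden."""
    verdicts = (first_match(equiv, host), first_match(rhosts, host))
    return False not in verdicts and True in verdicts

def overridden_denies(equiv, rhosts):
    """Audit helper: hosts denied in hosts.equiv that .rhosts still lets in."""
    return sorted({host for _, host in equiv
                   if first_match(equiv, host) is False
                   and first_match(rhosts, host) is True})

if __name__ == "__main__":
    equiv, rhosts = parse(SAMPLE_EQUIV), parse(SAMPLE_RHOSTS)
    for host in ("foo.bar.com", "bar.foo.com"):
        print(host, reported_behaviour(equiv, rhosts, host),
              proposed_policy(equiv, rhosts, host))
    print("overridden denies:", overridden_denies(equiv, rhosts))
```

Running overridden_denies over the real /etc/hosts.equiv and each user's ~/.rhosts gives the list of system-wide denies that are currently ineffective for that account.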
Comment 1 dwmalone 2001-09-15 15:33:00 UTC
On Sat, Sep 15, 2001 at 07:20:22AM -0700, Gavin Atkinson wrote:
> Therefore the sysadmin of a system cannot easily prevent rlogins from another system. This would seem to be a useful thing, for example if the remote system has been compromised.
> Also, if a user cares more for his account's security than the sysadmin, he can't disable rlogins.

Surely you would be much better off using hosts.allow or ipfw to
prevent such connections? That way you would stop connections
using telnet and ssh too.

	David.
Comment 2 Eitan Adler freebsd_committer freebsd_triage 2017-12-31 07:58:47 UTC
For bugs matching the following criteria:

Status: In Progress Changed: (is less than) 2014-06-01

Reset to default assignee and clear in-progress tags.

Mail being skipped