Mail Archives: cygwin/2001/01/22/09:37:22
Keith,
On Mon, Jan 22, 2001 at 02:12:01PM +0000, Keith Starsmeare wrote:
> There appears to be a security problem with the inetd. I can access my
> NT box via rsh remotely without giving a password if I use the -l
> option to specify a valid user account:
>
> % rsh -l kstarsm kampala id
> uid=18(system) gid=512(domadmin) groups=512(domadmin)
>
> As I haven't set up the hosts.equiv or .rhosts files I would hope to see:
> % rsh -l kstarsm kampala id
> Permission denied.
IMO, it is a bug in rshd which is due to the following (from
inetutils-1.3.2/rshd/rshd.c):
void
doit(fromp)
    struct sockaddr_in *fromp;
{
..
    if (errorstr ||
***>    pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0' &&
        iruserok(fromp->sin_addr.s_addr, pwd->pw_uid == 0,
                 remuser, locuser) < 0) {
        if (__rcmd_errstr)
            syslog(LOG_INFO|LOG_AUTH,
                "%s@%s as %s: permission denied (%s). cmd='%.80s'",
                remuser, hostname, locuser, __rcmd_errstr,
                cmdbuf);
..
}
Since Cygwin's mkpasswd creates an empty pw_passwd field, the above
code never calls iruserok(). Hence, any user is allowed rsh access.
I "fixed" the problem by inserting asterisks into the pw_passwd
fields in my /etc/passwd file. For example:
jt:*:1004:513:Jason Tishler,S-1...
   ^
   +--- here
I never submitted a patch because it seems like the s-commands (i.e.,
ssh) are much more in vogue than the r-commands (i.e., rsh) nowadays.
Jason
--
Jason Tishler
Director, Software Engineering Phone: +1 (732) 264-8770 x235
Dot Hill Systems Corp. Fax: +1 (732) 264-8798
82 Bethany Road, Suite 7 Email: Jason DOT Tishler AT dothill DOT com
Hazlet, NJ 07730 USA WWW: http://www.dothill.com
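
Added example, not part of Jason's message and not inetutils code: a small C model of the quoted condition showing how an empty pw_passwd field short-circuits the trust check, next to an assumed stricter variant that always consults it. stub_iruserok(), passwd_field(), rsh_denied() and the passwd lines are hypothetical or constructed for illustration, and the errorstr term is omitted.

```c
#include <stdio.h>
#include <string.h>

static int trust_calls;   /* counts how often the trust check actually runs */

/* Hypothetical stand-in for iruserok(): no hosts.equiv or .rhosts exists,
 * so every remote user is untrusted (-1), as in the setup described above. */
static int stub_iruserok(const char *remuser, const char *locuser)
{
    (void)remuser; (void)locuser;
    trust_calls++;
    return -1;
}

/* Copy the pw_passwd field (second ':'-separated field) of a passwd line. */
static int passwd_field(const char *line, char *out, size_t n)
{
    const char *a = strchr(line, ':');
    const char *b = a ? strchr(a + 1, ':') : NULL;
    if (b == NULL || (size_t)(b - a - 1) >= n)
        return -1;
    memcpy(out, a + 1, (size_t)(b - a - 1));
    out[b - a - 1] = '\0';
    return 0;
}

/* Returns 1 if rsh access is denied, 0 if allowed, -1 on a malformed line.
 * strict == 0: same shape as the quoted rshd.c condition.
 * strict == 1: assumed variant that always consults the trust files. */
static int rsh_denied(const char *line, int strict)
{
    char pw[64];
    if (passwd_field(line, pw, sizeof pw) < 0)
        return -1;
    if (strict)
        return stub_iruserok("remote", "local") < 0;
    return pw[0] != '\0' && stub_iruserok("remote", "local") < 0;
}

int main(void)
{
    /* Constructed passwd lines: empty field (mkpasswd style) vs. "*" workaround. */
    const char *lines[] = { "kstarsm::1005:513:constructed",
                            "jt:*:1004:513:constructed" };
    for (int i = 0; i < 2; i++)
        printf("%-32s quoted=%d strict=%d\n", lines[i],
               rsh_denied(lines[i], 0), rsh_denied(lines[i], 1));
    return 0;
}
```

With the quoted condition, the entry with the empty field is allowed without stub_iruserok() ever being called, while the "*" entry reaches the trust check and is denied.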