Mail Archives: cygwin/2002/03/07/03:50:56

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Message-ID: <17B78BDF120BD411B70100500422FC6309E4BE@IIS000>
From: Bernard Dautrevaux <Dautrevaux AT microprocess DOT com>
To: "'Andrew DeFaria'" <Andrew AT DeFaria DOT com>, cygwin AT cygwin DOT com
Subject: RE: login: no shell: /bin/bash: Permission denied
Date: Thu, 7 Mar 2002 09:38:37 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)

> -----Original Message-----
> From: Andrew DeFaria [mailto:Andrew AT DeFaria DOT com]
> Sent: Wednesday, March 06, 2002 10:56 PM
> To: cygwin AT cygwin DOT com
> Subject: Re: login: no shell: /bin/bash: Permission denied
> 

	<skipped>

> Regardless, to me it still would be a large security hole if all one
> needs to do is:
> 
> $ echo "+" > ~/.rhosts
> 
> to be able to abuse rsh to do something under somebody else's user ID,
> is it not?
> 

Note however that the "echo" above has to be done by "anotheruser"; you
can't do it. Rsh is insecure, but it at least verifies that ONLY anotheruser
is able to write to its own "~/.rhosts" :-)

And if you're fool enough to do this, you may as well do that:

	$ echo "my password" > ~/THIS_IS_MY_PASSWORD
	$ chmod a+r ~/THIS_IS_MY_PASSWORD

:) :) :) :) 

	Bernard

--------------------------------------------
Bernard Dautrevaux
Microprocess Ingenierie
97 bis, rue de Colombes
92400 COURBEVOIE
FRANCE
Tel:	+33 (0) 1 47 68 80 80
Fax:	+33 (0) 1 47 88 97 85
e-mail:	dautrevaux AT microprocess DOT com
		b DOT dautrevaux AT usa DOT net
-------------------------------------------- 
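
An added example, not part of the message above or of Cygwin: a Python audit that flags the two conditions this thread turns on, a "+" wildcard entry in a .rhosts file and a .rhosts file that someone other than its owner could write. The function names, the sample file contents and the handling of "#" comment lines are assumptions made for illustration.

```python
import os
import stat
import tempfile


def audit_rhosts(path, owner_uid):
    """Return a list of findings for one .rhosts file (empty list: nothing flagged)."""
    st = os.lstat(path)  # lstat so a symlink is reported, not followed
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file"]
    findings = []
    if st.st_uid not in (owner_uid, 0):
        findings.append("owned by uid %d, not the account owner or root" % st.st_uid)
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by group or others")
    with open(path, errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            fields = line.split()
            # Assumption: blank lines and lines starting with '#' carry no entry.
            if not fields or fields[0].startswith("#"):
                continue
            if fields[0] == "+":
                findings.append("line %d: wildcard host '+' trusts every remote host" % lineno)
            if len(fields) > 1 and fields[1] == "+":
                findings.append("line %d: wildcard user '+' trusts every remote user" % lineno)
    return findings


def demo():
    """Audit two constructed sample files written to a temporary directory."""
    samples = {
        "wildcard": ("+\n", 0o666),  # constructed: the entry quoted in the thread
        "pinned": ("# constructed sample\nbuildhost.example.com alice\n", 0o600),
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, (text, mode) in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "w") as fh:
                fh.write(text)
            os.chmod(path, mode)
            results[name] = audit_rhosts(path, os.getuid())
    return results


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or "nothing flagged")
```

To audit real accounts, call audit_rhosts() with each home directory's .rhosts path and that account's uid.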

