Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Delivered-To: mailing list cygwin@cygwin.com
Message-ID: <3C86961C.5040209@cportcorp.com>
Date: Wed, 06 Mar 2002 17:20:12 -0500
From: Peter Buckley <peter.buckley@cportcorp.com>
User-Agent: Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:0.9.4) Gecko/20011019 Netscape6/6.2
X-Accept-Language: en-us
MIME-Version: 1.0
To: cygwin@cygwin.com
Subject: Re: login: no shell: /bin/bash: Permission denied
References: <m3eliylhc2.fsf@appel.lilypond.org> <20020306101433.P13590@cygbert.vinschen.de> <3C866A0B.6040500@DeFaria.com> <20020306213202.C13590@cygbert.vinschen.de> <3C869077.3090705@DeFaria.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit


> Regardless, to me it's still would be a large security hole if all one 
> needs to do is:
> 
> $ echo "+" > ~/.rhosts
> 
> to be able to abuse rsh to do something under somebody else's user ID is 
> it not?


rsh is inherently insecure. Attempts to make it secure are not 
worthwhile (in fact, they tend to break rsh). Especially in the land of 
NT insecurity, trying to make rsh secure simply makes it unusable.

HTH,
Peter


> 
> 
> 
> -- 
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> Bug reporting:         http://cygwin.com/bugs.html
> Documentation:         http://cygwin.com/docs.html
> FAQ:                   http://cygwin.com/faq/
> 



--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/