Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Message-ID: <3C86961C.5040209@cportcorp.com>
Date: Wed, 06 Mar 2002 17:20:12 -0500
From: Peter Buckley <peter DOT buckley AT cportcorp DOT com>
User-Agent: Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:0.9.4) Gecko/20011019 Netscape6/6.2
X-Accept-Language: en-us
MIME-Version: 1.0
To: cygwin AT cygwin DOT com
Subject: Re: login: no shell: /bin/bash: Permission denied
References: <m3eliylhc2 DOT fsf AT appel DOT lilypond DOT org> <20020306101433 DOT P13590 AT cygbert DOT vinschen DOT de> <3C866A0B DOT 6040500 AT DeFaria DOT com> <20020306213202 DOT C13590 AT cygbert DOT vinschen DOT de> <3C869077 DOT 3090705 AT DeFaria DOT com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit


> Regardless, to me it's still would be a large security hole if all one 
> needs to do is:
> 
> $ echo "+" > ~/.rhosts
> 
> to be able to abuse rsh to do something under somebody else's user ID is 
> it not?


rsh is inherently insecure. Attempts to make it secure are not 
worthwhile (in fact, they tend to break rsh). Especially in the land of 
NT insecurity, trying to make rsh secure simply makes it unusable.

HTH,
Peter


> 
> 
> 
> -- 
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> Bug reporting:         http://cygwin.com/bugs.html
> Documentation:         http://cygwin.com/docs.html
> FAQ:                   http://cygwin.com/faq/
> 



--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/