From: Andrew DeFaria
Newsgroups: gmane.os.cygwin
To: cygwin AT cygwin DOT com
Subject: Re: login: no shell: /bin/bash: Permission denied
Date: Wed, 06 Mar 2002 15:03:02 -0800
Organization: Salira Optical Networks
Message-ID: <3C86A026.6080204@DeFaria.com>

Peter Buckley wrote:

>
>> Regardless, to me it still would be a large security hole if all one
>> needs to do is:
>>
>> $ echo "+" > ~/.rhosts
>>
>> to be able to abuse rsh to do something under somebody else's user ID
>> is it not?
>
> rsh is inherently insecure. Attempts to make it secure are not
> worthwhile (in fact, they tend to break rsh). Especially in the land of
> NT insecurity, trying to make rsh secure simply makes it unusable.

What are you talking about?!? It's simple, if rsh is called with the -l parameter (assuming the it's not -l ) then prompt for a password. If that's not doable then fail with an error message of some sort. But lord's sakes laddy! Don't just let them walk in! :-)
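
An added example, not part of the original message: an audit for the wildcard `.rhosts` entry quoted in the thread, written as shell functions that scan home directories and report any entry with a bare `+` in the host or user field. The function names and the sample tree (users alice, bob, carol) are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag wildcard trust entries in .rhosts files.
# Entry format: "host [user]". A bare "+" in either field matches anything;
# "+@name" is a netgroup reference, not a wildcard, so it is not flagged.

# Print "file:line: entry" for each wildcard entry in one file.
# Exit status 0 if any wildcard was found, 1 if none.
scan_rhosts() {
    awk -v f="$1" '
        /^[ \t]*(#|$)/ { next }              # comments and blank lines
        $1 == "+" || $2 == "+" {
            printf "%s:%d: %s\n", f, NR, $0
            found = 1
        }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# Scan <dir>/*/.rhosts, where <dir> holds the home directories (e.g. /home).
# Exit status 0 if any file contained a wildcard entry.
audit_homes() {
    hits=1
    for f in "$1"/*/.rhosts; do
        [ -f "$f" ] || continue
        if scan_rhosts "$f"; then hits=0; fi
    done
    return "$hits"
}

# Constructed sample tree (hypothetical users alice, bob, carol).
demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/alice" "$d/bob" "$d/carol"
    printf '+\n' > "$d/alice/.rhosts"          # the one-liner from the thread
    printf '# build hosts\nbuildhost bob\n+@admins\n' > "$d/bob/.rhosts"
    printf 'trusted.example.com +\n' > "$d/carol/.rhosts"
    echo "$d"
}

# Run the audit over the sample tree, then clean up.
d=$(demo_tree) && { audit_homes "$d"; rm -rf "$d"; }
```
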