*BSD News Article 15255



Path: sserve!newshost.anu.edu.au!munnari.oz.au!news.Hawaii.Edu!ames!agate!howland.reston.ans.net!ira.uka.de!math.fu-berlin.de!news.netmbx.de!Germany.EU.net!mcsun!sunic!isgate!veda.is!adam
From: adam@veda.is (Adam David)
Newsgroups: comp.os.386bsd.bugs
Subject: rlogin localhost (security hole)
Message-ID: <C65xo9.Et@veda.is>
Date: 27 Apr 93 22:11:54 GMT
References: <1993Apr27.191444.29243@ibr.cs.tu-bs.de>
Organization: Veda Systems, Iceland
Lines: 18

schoenfr@ibr.cs.tu-bs.de (Erik Schoenfelder) writes:

>A telnet or rlogin to localhost does the same. But I have not seen any
>error or panic message. Instant reboot only.

Possibly not related, it was brought to my attention that 'rlogin localhost'
on a machine with an ethernet interface does the following:

$ rlogin localhost
localhost: Undefined error: 0

Then 'strings /core.rlogind' displays some passwd strings from
/etc/master.passwd (twice from the current user, and one belonging
to someone else). Kind of defeats the purpose of having 0600 permissions
on /etc/master.passwd, doesn't it?

--
Adam D. (adam@veda.is)
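
An added example, not part of the original post: a Python audit that automates the manual 'strings /core.rlogind' check described above, reporting whether a core file is readable beyond its owner and whether it contains lines in master.passwd record format. The sample core file, account names and hash placeholders are constructed, and the function names are hypothetical.

```python
import os
import re
import stat
import tempfile

# Runs of 4+ printable ASCII bytes, the default that strings(1) reports.
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{4,}")
# BSD master.passwd record: name:password:uid:gid:class:change:expire:gecos:home:shell
MASTER_PASSWD = re.compile(
    rb"^[A-Za-z_][\w.-]*:[^:]*:\d+:\d+:[^:]*:\d+:\d+:[^:]*:/[^:]*:[^:]*$"
)

def leaked_records(path):
    """Return account names whose master.passwd-style record appears in the file."""
    with open(path, "rb") as fh:
        data = fh.read()
    return [run.split(b":", 1)[0].decode("ascii")
            for run in PRINTABLE_RUN.findall(data) if MASTER_PASSWD.match(run)]

def audit_core(path):
    """Report whether a core file is readable beyond its owner and what it leaks."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return {
        "path": path,
        "mode": oct(mode),
        "readable_by_others": bool(mode & (stat.S_IRGRP | stat.S_IROTH)),
        "leaked_accounts": leaked_records(path),
    }

def build_sample_core(directory):
    """Write a constructed stand-in for /core.rlogind (not a real core dump)."""
    blob = (
        b"\x00\x01\x02\x03" + b"\x00" * 16
        + b"root:CONSTRUCTEDHASH1:0:0::0:0:Charlie &:/root:/bin/csh\x00"
        + b"\xff\xfe/etc/master.passwd\x00"
        + b"alice:CONSTRUCTEDHASH2:1001:1001::0:0:Sample User:/home/alice:/bin/sh\x00"
    )
    path = os.path.join(directory, "core.rlogind")
    with open(path, "wb") as fh:
        fh.write(blob)
    os.chmod(path, 0o644)  # assumed world-readable, to exercise the mode check
    return path

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit_core(build_sample_core(tmp)))
```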