Return to BSD News archive
Path: sserve!newshost.anu.edu.au!munnari.oz.au!news.Hawaii.Edu!ames!agate!howland.reston.ans.net!ira.uka.de!math.fu-berlin.de!news.netmbx.de!Germany.EU.net!mcsun!sunic!isgate!veda.is!adam From: adam@veda.is (Adam David) Newsgroups: comp.os.386bsd.bugs Subject: rlogin localhost (security hole) Message-ID: <C65xo9.Et@veda.is> Date: 27 Apr 93 22:11:54 GMT References: <1993Apr27.191444.29243@ibr.cs.tu-bs.de> Organization: Veda Systems, Iceland Lines: 18 schoenfr@ibr.cs.tu-bs.de (Erik Schoenfelder) writes: >A telnet or rlogin to localhost does the same. But I have not seen any >error or panic message. Instant reboot only. Possibly not related, it was brought to my attention that 'rlogin localhost' on a machine with an ethernet interface does the following: $ rlogin localhost localhost: Undefined error: 0 Then 'strings /core.rlogind' displays some passwd strings from /etc/master.passwd (twice from the current user, and one belonging to someone else). Kind of defeats the purpose of having 0600 permissions on /etc/master.passwd doesn't it. -- Adam D. (adam@veda.is)