[comp.unix.wizards] /etc/hosts.equiv versus $HOME/.rhosts

waldorf@venice.SEDD.TRW.COM (Jerry Waldorf) (08/24/90)

	I am running on a lan of HP 9000/300's and want to do some remshs and 
some rcps.  The manual says that using $HOME/.rhosts is very dangerous for 
security reasons, but doesn't seem to mention any problems with using
/etc/hosts.equiv.  Could some kind soul tell me why using $HOME/.rhosts 
is unsafe and why /etc/hosts.equiv is safe?  

	Thanks,

	Jerry.

smb@ulysses.att.com (Steven Bellovin) (08/24/90)

In article <785@venice.SEDD.TRW.COM>, waldorf@venice.SEDD.TRW.COM (Jerry Waldorf) writes:
> Could some kind soul tell me why using $HOME/.rhosts 
> is unsafe and why /etc/hosts.equiv is safe?  

/etc/hosts.equiv represents the administrator's (presumably informed)
decision to extend trust to certain other hosts, typically those also
under the same person's control.  .rhosts files represent a user's
decision to extend trust, often to a machine not worthy of it.

jgreco@archimedes.math.uwm.edu (Joe Greco) (08/30/90)

In comp.unix.wizards article <13650@ulysses.att.com>, smb@ulysses.att.com (Steven Bellovin) wrote:
:In article <785@venice.SEDD.TRW.COM>, waldorf@venice.SEDD.TRW.COM (Jerry Waldorf) writes:
:> Could some kind soul tell me why using $HOME/.rhosts 
:> is unsafe and why /etc/hosts.equiv is safe?  
:
:/etc/hosts.equiv represents the administrator's (presumably informed)
:decision to extend trust to certain other hosts, typically those also
:under the same person's control.  .rhosts files represent a user's
:decision to extend trust, often to a machine not worthy of it.

Neither is absolutely safe.  Then again, networks aren't safe.  You need to
be sure that your network is relatively secure, that your machines are
relatively secure, and that your host tables (or nameserver) are trustworthy,
to mention just a few...

Consider the following:

A person with a network monitoring program.  Just watch long enough and
snatch the password right off it.  Of course this ISN'T a problem with
.rhosts....

A person who breaks into a workstation, and changes the IP numbers to match
another machine.  Then crash the other machine.  Voila, suddenly what looks
like x.y.z.edu is actually a.y.z.edu... and you're at the mercy of the
person.

A person who can fiddle with the nameserver to produce false host names.  No
need to even change the IP number.  This is possibly the worst of the bunch.
Having (for legitimate reasons) done something similar to this on our local
network, I'm not too sure that there is anything to truly prevent someone
from doing this.

Long ago I decided it was all worthless: there's just no way to protect
against all possibilities.  I use .rhosts...

... Joe

-------------------------------------------------------------------------------
Joe Greco - University of Wisconsin, Milwaukee - Department of Mathematics
jgreco@archimedes.math.uwm.edu		USnail: Joe Greco
Voice: 414/321-6184				9905 W. Montana Ave.
Data:  414/321-9287 (Happy Hacker's BBS) 	West Allis, WI  53227-3329
ICBM:  43 05 20 N 87 53 10 W
#include <witty_and_humorous_saying.h>
Disclaimer: I don't speak for the Math Department, the University, or myself.

darryl@lemuria.MV.COM (Darryl Wagoner) (08/30/90)

In article <785@venice.SEDD.TRW.COM> waldorf@venice.sedd.trw.com (Jerry Waldorf) writes:

>	I am running on a lan of HP 9000/300's and want to do some remshs and 
>some rcps.  The manual says that using $HOME/.rhosts is very dangerous for 
>security reasons, but doesn't seem to mention any problems with using
>/etc/hosts.equiv.  Could some kind soul tell me why using $HOME/.rhosts 
>is unsafe and why /etc/hosts.equiv is safe?  

No, they can't because hosts.equiv isn't safe or even safer.
Hosts.equiv opens up all the users (except root) to attack where rhost
just opens that one user.   If you have a trusted base of systems (i.e. you
trust the sys adm of all the systems on the network, not just the ones
in your .rhosts or hosts.equiv) then you can use it without too many
problems.  I wouldn't use hosts.equiv for any reason and rhost should
only be readable by you.  To increase security you may want to have
the rhost in place only when you are doing work.

Hope this helps!

-Darryl


-- 
Darryl Wagoner		darryl@lemuria.MV.COM or uunet!virgin!lemuria!darryl
12 Oak Hill Road
Brookline, NH 03033
Office: 603.672.0736   		Home: 603.673.0578

wyatt@cfa.HARVARD.EDU (Bill Wyatt,OIR) (09/04/90)

>>[...]  Could some kind soul tell me why using $HOME/.rhosts 
>>is unsafe and why /etc/hosts.equiv is safe?  

> [...]  I wouldn't use hosts.equiv for any reason and rhost should
> only be readable by you.  To increase security you may want to have
> the rhost in place only when you are doing work.

Yes! We use crontab and find(1) once a day on our systems to remove
ALL .rhosts files. The users may reconstitute their .rhosts files each
day, of course, but are encouraged to put a `rm ~/.rhosts' into a
.logout file as well. 

Since I use X on several machines at once, I have a script run at
login time to rlogin to those few machines I always use. My .login on
those remote machines copies a file into .rhosts. I also have a `log'
command aliased to set an environment variable before logging out so I
can log out but not have the .logout script kill the .rhosts file. 

My local .xsession script can then open windows up on the various
machines with no problem. When I logout of my own machine, there's yet
another script run from .logout that attempts to rsh to each machine
in the .rhosts file to remove its copy of .rhosts, and then removes
the local .rhosts.

If this sounds complicated, it really isn't. It requires some initial 
configuration setup, and a couple extra minutes when logging in, is all. 
It's much more secure than having .rhosts available all over the place all the
time.

Bill Wyatt, Smithsonian Astrophysical Observatory  (Cambridge, MA, USA)
    UUCP :  {husc6,cmcl2,mit-eddie}!harvard!cfa!wyatt
 Internet:   wyatt@cfa.harvard.edu
     SPAN:   cfa::wyatt                 BITNET: wyatt@cfa
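
The daily find(1) sweep and the "readable only by you" advice from the posts above, written out as an added example; it is not code from the thread or from any poster. The function names and report format are assumptions, and the check for a bare "+" wildcard entry goes beyond what the thread mentions.

```shell
#!/bin/sh
# Added example (not from the thread): audit and sweep .rhosts files.
# Function names and the "<findings> <path>" report format are assumptions.
# Usage: sh rhosts_audit.sh /home        (report only, removes nothing)

# audit_rhosts ROOT: print one line per .rhosts file found under ROOT.
audit_rhosts() {
    find "$1" -name .rhosts -type f 2>/dev/null | while IFS= read -r f; do
        findings=
        # Any group/other read or write bit: the trust list is visible to,
        # or editable by, other local users.
        if [ -n "$(find "$f" \( -perm -040 -o -perm -020 \
                              -o -perm -004 -o -perm -002 \) -print)" ]; then
            findings="loose-mode"
        fi
        # A bare "+" in the host or user field matches every host or user.
        if awk '$1 == "+" || $2 == "+" { hit = 1 } END { exit !hit }' "$f"; then
            findings="${findings:+$findings,}wildcard"
        fi
        printf '%s %s\n' "${findings:-ok}" "$f"
    done
}

# sweep_rhosts ROOT: remove every .rhosts file under ROOT (the cron job
# described above) and print how many were removed.
sweep_rhosts() {
    find "$1" -name .rhosts -type f -print -exec rm -f {} \; 2>/dev/null |
        wc -l | tr -d ' '
}

# Report-only when run directly with a directory argument.
if [ "$#" -gt 0 ]; then
    audit_rhosts "$1"
fi
```

Run from cron, `audit_rhosts` gives the administrator a list to review before `sweep_rhosts` is ever pointed at the same tree.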

milton@ecn.purdue.edu (Milton D Miller) (09/06/90)

In article <430@cfa.HARVARD.EDU> wyatt@cfa.HARVARD.EDU (Bill Wyatt,OIR) writes:
>>>[...]  Could some kind soul tell me why using $HOME/.rhosts 
>>>is unsafe and why /etc/hosts.equiv is safe?  
>
>> [...]  I wouldn't use hosts.equiv for any reason and rhost should
>> only be readable by you.  To increase security you may want to have
>> the rhost in place only when you are doing work.
>
>Yes! We use crontab and find(1) once a day on our systems to remove
>ALL .rhosts files. The users may reconstitute their .rhosts files each
>day, of course, but are encouraged to put a `rm ~/.rhosts' into a
>.logout file as well. 
>
>Since I use X on several machines at once, I have a script run at
>login time to rlogin to those few machines I always use. My .login on
>those remote machines copies a file into .rhosts. I also have a `log'
>command aliased to set an environment variable before logging out so I
>can log out but not have the .logout script kill the .rhosts file. 
>
So you type your password several times (i.e. one per machine) to 
gain access to all of the other machines??
If you are worried about wire security, then here you are sending your
unencrypted password across the network several times.  If you are only
worried about others faking host addresses, well, maybe.  But is it
really worth the added inconvenience?  I would not be surprised to find
scripts that "Do this automagically" from one or more people.

>Bill Wyatt, Smithsonian Astrophysical Observatory  (Cambridge, MA, USA)
>    UUCP :  {husc6,cmcl2,mit-eddie}!harvard!cfa!wyatt
> Internet:   wyatt@cfa.harvard.edu
>     SPAN:   cfa::wyatt                 BITNET: wyatt@cfa

milton

Milton D. Miller II
ECN student consultant, Purdue University