mxz@dtg.nsc.com (Michael Zhang) (10/17/89)
Sun claims that there are security problems using the "on" command. Does anyone know what kind of security problem it may cause? Does the "on" command, or "rexd", the daemon that handles "on", have a problem?

Michael Zhang (mxz@dtg.nsc.com)
mlandau@diamond.bbn.com (Matt Landau) (11/13/89)
The basic problem is that rexd is too trusting about who a request is coming from, making it trivial to masquerade as any host and (non-root) user and execute remote commands on any machine that runs rexd. I don't want to provide any more details in a public forum, since there are already too many people who know about this :-)

We fixed the problem by modifying the rexd sources so they get the host name corresponding to the IP address of the incoming request and make sure it's in /etc/hosts.equiv before agreeing to process the request. This makes "on" exactly as (in)secure as rsh/rlogin, which seems to be good enough for most people's purposes.

Matt Landau
Rebel without a clue.
mlandau@bbn.com