bs30@sirius.gte.com.csnet (Bernard Silver) (01/04/89)
A (hopefully) harmless intrusion brought to our notice the default /etc/hosts.equiv in 3.5 and 4.0 The default consists of a single "+", which in this context means ALL known hosts are trusted. An empty file seems a much better choice. Bernard Silver
bates@stat.stat.wisc.edu (Douglas M. Bates) (01/14/89)
Bernard Silver writes: > A (hopefully) harmless intrusion brought to our notice the default > /etc/hosts.equiv in 3.5 and 4.0 The default consists of a single "+", > which in this context means ALL known hosts are trusted. This can be a bad security hole in some configurations. We run some of the Annex terminal servers from Encore. These machines do not require a login/password combination for their initial connection from the terminal and they allow the user to connect to another host through "rlogin". For example, rlogin newhost -l myname It appears (I've never studied the sources and I don't know exactly what handshaking goes on in an rlogin) that "newhost" then asks the Annex if this request is originating from the "myname" login. The Annex always replies "yes" and the rlogin is completed without password verification if the Annex is regarded as a secure host. If /etc/hosts.equiv on "newhost" consists of a single "+" then anyone with access to a terminal on the Annex terminal server can rlogin without a password to any login on "newhost".