This is the mail archive of the cygwin@sources.redhat.com mailing list for the Cygwin project.



Re: rsh -l doesn't require a password


Keith,

On Mon, Jan 22, 2001 at 02:12:01PM +0000, Keith Starsmeare wrote:
> There appears to be a security problem with the inetd. I can access my
> NT box via rsh remotely without giving a password if I use the -l
> option to specify a valid user account:
> 
>   % rsh -l kstarsm kampala id
>   uid=18(system) gid=512(domadmin) groups=512(domadmin)
> 
> As I haven't set up the hosts.equiv or .rhosts files I would hope to see:
>   % rsh -l kstarsm kampala id
>   Permission denied.

IMO, it is a bug in rshd which is due to the following (from
inetutils-1.3.2/rshd/rshd.c):

void
doit(fromp)
    struct sockaddr_in *fromp; 
{
..
                if (errorstr ||
***>                pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0' &&
                    iruserok(fromp->sin_addr.s_addr, pwd->pw_uid == 0,
                    remuser, locuser) < 0) {
                        if (__rcmd_errstr)
                                syslog(LOG_INFO|LOG_AUTH,
                            "%s@%s as %s: permission denied (%s).  cmd='%.80s'",
                                    remuser, hostname, locuser, __rcmd_errstr,
                                    cmdbuf);
..
}

Since Cygwin's mkpasswd creates an empty pw_passwd field, the above
code never calls iruserok().  Hence, any user is allowed rsh access.

I "fixed" the problem by inserting asterisks into the pw_passwd
fields in my /etc/passwd file.  For example:

    jt:*:1004:513:Jason Tishler,S-1...
       ^
       +--- here

I never submitted a patch because it seems like the s-commands (i.e.,
ssh) are much more in vogue than the r-commands (i.e., rsh) nowadays.

Jason

-- 
Jason Tishler
Director, Software Engineering       Phone: +1 (732) 264-8770 x235
Dot Hill Systems Corp.               Fax:   +1 (732) 264-8798
82 Bethany Road, Suite 7             Email: Jason.Tishler@dothill.com
Hazlet, NJ 07730 USA                 WWW:   http://www.dothill.com
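
Added example, not part of the original message and not inetutils code: a small C model of the condition quoted from rshd.c, showing that an empty pw_passwd short-circuits the check before the trust lookup runs, next to an assumed stricter variant and a helper that flags passwd lines with an empty password field. `stub_iruserok`, `denied_as_quoted`, `denied_strict`, `passwd_field_empty` and the sample passwd lines are hypothetical names and constructed data.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for iruserok(): 0 if hosts.equiv/.rhosts trust the
   caller, -1 otherwise. trust_calls records whether it was consulted. */
static int trust_calls;
static int stub_iruserok(int trusted) { trust_calls++; return trusted ? 0 : -1; }

/* Same shape as the quoted condition (errorstr omitted): the trust check
   is only reached when pw_passwd is non-NULL and non-empty. 1 = deny. */
static int denied_as_quoted(const char *pw_passwd, int trusted)
{
    return pw_passwd != 0 && *pw_passwd != '\0' && stub_iruserok(trusted) < 0;
}

/* Assumed stricter variant (not an inetutils patch): always check trust. */
static int denied_strict(const char *pw_passwd, int trusted)
{
    (void)pw_passwd;
    return stub_iruserok(trusted) < 0;
}

/* Audit helper: 1 if the password (second) field of a passwd line is empty. */
static int passwd_field_empty(const char *line)
{
    const char *c = strchr(line, ':');
    return c != NULL && (c[1] == ':' || c[1] == '\0' || c[1] == '\n');
}

int main(void)
{
    /* Constructed sample entries, not from a real system. */
    const char *lines[] = {
        "alice::1004:513:Sample User:/home/alice:/bin/bash",
        "bob:*:1005:513:Sample User:/home/bob:/bin/bash",
    };
    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++) {
        int empty = passwd_field_empty(lines[i]);
        const char *pw = empty ? "" : "*";
        int name_len = (int)(strchr(lines[i], ':') - lines[i]);
        /* Caller is untrusted (0): no hosts.equiv or .rhosts entry. */
        printf("%.*s: empty=%d quoted=%s strict=%s\n", name_len, lines[i], empty,
               denied_as_quoted(pw, 0) ? "deny" : "allow",
               denied_strict(pw, 0) ? "deny" : "allow");
    }
    return 0;
}
```

Running `passwd_field_empty` over each line of /etc/passwd identifies the accounts that the asterisk workaround described above would need to cover.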
