> -----Original Message-----
> From: Andrew DeFaria [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, March 06, 2002 10:56 PM
> To: [EMAIL PROTECTED]
> Subject: Re: login: no shell: /bin/bash: Permission denied
>
<skipped>
> Regardless, to me it's still would be a large security hole
> if all one
> needs to do is:
>
> $ echo "+" > ~/.rhosts
>
> to be able to abuse rsh to do something under somebody else's
> user ID is
> it not?
>
Note however that the "echo" above has to be done by "anotheruser"; you
can't do it. Rsh is insecure, but it at least verify that ONLY anotheruser
is able to write to its own "~/.rhosts" :-)
And if you'r e fool enough to do this, you may as well do that:
$ echo "my password" > ~/THIS_IS_MY_PASSWORD
$ chmod a+r ~/THIS_IS_MY_PASSWORD
:) :) :) :)
Bernard
--------------------------------------------
Bernard Dautrevaux
Microprocess Ingenierie
97 bis, rue de Colombes
92400 COURBEVOIE
FRANCE
Tel: +33 (0) 1 47 68 80 80
Fax: +33 (0) 1 47 88 97 85
e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED]
--------------------------------------------
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
