Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!ncar!ico!vail!vail.ico.isc.com!dougm
From: dougm@ico.isc.com (Doug McCallum)
Newsgroups: comp.unix.wizards
Subject: Re: ftp using .rhosts or rhsts.equiv
Message-ID:
Date: 10 Dec 89 19:43:39 GMT
References: <32098@news.Think.COM>
Sender: dougm@ico.isc.com
Organization: INTERACTIVE Systems Corporation
Lines: 27
In-Reply-To: barmar@Think.COM's message of 9 Dec 89 04:22:47 GMT

In article drears@pilot.njin.net (Dennis G. Rears) writes:
> I am thinking of changing the ftp servers on systems that I have
>control over so that the behaviour mimics rlogin/rsh.
>Is there any reason why I shouldn't do this?

It seems like a reasonable thing, but there are a number of things you'll have to watch out for when you do it.

It isn't a safe thing to do for the reasons you outline below.

For security, ftp should use a privileged port to connect to the daemon, and ftpd should check that the foreign port is privileged. This prevents users from spoofing with "telnet 20".

You don't even need telnet 20, all you need is ftp and do the login by hand.

However, this means that you'll have to make ftp setuid root. But much of the program probably assumes that it is running under the invoker's userid. It should change its effective userid to its real userid except when it is opening the port.

Non-UNIX systems don't have the privileged port mechanism. It would be quite simple to spoof the FTP daemon even with the mechanism you suggest. It would be much better to add something like the Kerberos authentication system and forget the privileged port business.
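The two mechanisms discussed in the thread, as an added C example that is not part of the original post or of any ftp/ftpd source: the daemon's check that the peer's source port is privileged, and a setuid-root client that binds a reserved port and then sets its effective userid back to its real userid. The function names and the 512 lower bound (the rshd convention) are assumptions, and the check is only meaningful when root on the peer host is trusted, which is the limitation the post points out for non-UNIX systems.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define RESERVED_LIMIT 1024   /* ports below this need root to bind on UNIX */
#define RESERVED_FLOOR 512    /* assumption: rshd-style lower bound */

/* Server side: is the peer's source port in the reserved range? */
int peer_port_is_reserved(const struct sockaddr_in *peer)
{
    unsigned port = ntohs(peer->sin_port);
    return peer->sin_family == AF_INET &&
           port >= RESERVED_FLOOR && port < RESERVED_LIMIT;
}

/* Client side: bind a reserved local port while still root, then set every
 * uid back to the invoker's before any other code runs. Returns fd or -1. */
int open_reserved_socket_and_drop(void)
{
    struct sockaddr_in local;
    int bound = -1;
    int fd = socket(AF_INET, SOCK_STREAM, 0);

    memset(&local, 0, sizeof local);
    local.sin_family = AF_INET;
    local.sin_addr.s_addr = htonl(INADDR_ANY);
    for (int port = RESERVED_LIMIT - 1; fd >= 0 && port >= RESERVED_FLOOR; port--) {
        local.sin_port = htons((unsigned short)port);
        bound = bind(fd, (struct sockaddr *)&local, sizeof local);
        if (bound == 0 || errno != EADDRINUSE)
            break;                      /* success, or a non-retryable error */
    }
    /* Drop root whether or not the bind worked; treat failure as fatal. */
    if (setuid(getuid()) != 0 || geteuid() != getuid() || bound != 0) {
        if (fd >= 0)
            close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    int fd = open_reserved_socket_and_drop();
    printf("reserved socket: %s, euid now %d\n",
           fd >= 0 ? "bound" : "not bound", (int)geteuid());
    return 0;
}
```

Run without root, the bind fails with EACCES and the function returns -1; the uid check after `setuid` guards against a drop that silently did not take effect.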