Path: utzoo!utgpu!news-server.csri.toronto.edu!rutgers!cs.utexas.edu!sun-barr!olivea!olivey!jerry
From: jerry@olivey.olivetti.com (Jerry Aguirre)
Newsgroups: comp.protocols.nfs
Subject: Re: problem with rsh under PC-NFS
Summary: rsh as bin is almost as bad as root
Message-ID: <49887@olivea.atc.olivetti.com>
Date: 27 Nov 90 05:43:30 GMT
References: <551@rome.gdwb.oz.au>
Sender: news@olivea.atc.olivetti.com
Distribution: usa
Organization: Olivetti ATC; Cupertino, CA
Lines: 13

In article debtron@cme.nist.gov (Debbie Nickerson) writes:
>After reading the hosts.equiv man page, I believe that having the PCs
>listed in the hosts.equiv list does not allow them to rlogin or rsh
>as root.  Root rsh and rlogin permissions are controlled by the
>/.rhosts file.

The exclusion of root from hosts.equiv is not really enough protection.
There are usually enough files lying around that are owned by "bin" or
uucp to provide entries to the system.  One can either disrupt
activities by clobbering them or plant a trojan horse for the next
invocation by the root user.

Let the users put it in their own .rhosts or better yet, just don't use
rsh from a PC.
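
Added example, not part of the original post: a small audit that lists the executables root would pick up from a set of directories and flags any that an account other than root (such as "bin" or uucp) owns or can write to. The function name `audit_root_path`, the `trusted_uids` parameter and the reason strings are assumptions made for this illustration.

```python
import os
import stat

WRITABLE_BY_OTHERS = stat.S_IWGRP | stat.S_IWOTH


def audit_root_path(dirs, trusted_uids=frozenset({0})):
    """Return (path, reason) pairs for directories and executables in `dirs`
    that an account outside `trusted_uids` owns or is able to modify."""
    findings = []
    for d in dirs:
        try:
            dst = os.stat(d)
            names = sorted(os.listdir(d))
        except OSError:
            continue  # missing or unreadable component: nothing to report
        # Whoever controls the directory can replace any program inside it.
        if dst.st_uid not in trusted_uids:
            findings.append((d, "directory owned by uid %d" % dst.st_uid))
        if dst.st_mode & WRITABLE_BY_OTHERS:
            findings.append((d, "directory group/world writable"))
        for name in names:
            path = os.path.join(d, name)
            try:
                st = os.stat(path)  # follow symlinks: the target is what runs
            except OSError:
                continue  # dangling symlink
            if not stat.S_ISREG(st.st_mode) or not st.st_mode & 0o111:
                continue  # only regular files with an execute bit matter here
            if st.st_uid not in trusted_uids:
                findings.append((path, "owned by uid %d" % st.st_uid))
            if st.st_mode & WRITABLE_BY_OTHERS:
                findings.append((path, "group/world writable"))
    return findings


if __name__ == "__main__":
    # Assumption: run as root, so PATH is the search path root actually uses.
    search_path = [p for p in os.environ.get("PATH", "").split(os.pathsep) if p]
    for path, reason in audit_root_path(search_path):
        print("%s: %s" % (path, reason))
```

Every hit owned by an account reachable through hosts.equiv is a program that account could have altered before root next runs it.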