Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sdd.hp.com!zaphod.mps.ohio-state.edu!pacific.mps.ohio-state.edu!linac!mp.cs.niu.edu!rickert
From: rickert@mp.cs.niu.edu (Neil Rickert)
Newsgroups: comp.unix.wizards
Subject: Serious potential security problem. (was Re: BSD tty security, part 3: How to Fix It)
Summary: Anybody may be able to login to your Sun.
Message-ID: <1991May1.140953.20081@mp.cs.niu.edu>
Date: 1 May 91 14:09:53 GMT
Organization: Northern Illinois University
Lines: 31

Why are we worrying about somebody sneaking in through a tiny crack in
the basement, when the front door is swinging wide open?

I just had the following experience:

I logged into a system (with rlogin). I was not asked for a password.

The following are, I believe, the relevant facts:

  The system was a Sun 4, running SunOS 4.1.
  /etc/hosts.equiv contains the infamous '+' line.
  The Sun is not running yp.
  The Sun is not running a nameserver. There is no /etc/resolv.conf.
  The host from which I logged in is not listed in /etc/hosts or .rhosts.
  The 'who' command showed the numeric internet address of the host
    from which I logged in, not its name.
  The host from which I logged in is not on the same network.

Face it. That '+' in hosts.equiv is not safe now, never was safe, probably
never will be safe. As long as vendors insist on this misfeature, TTY
problems seem unimportant by comparison.

--
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
Neil W. Rickert, Computer Science
Northern Illinois Univ.
DeKalb, IL 60115
+1-815-753-6940
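
An added example, not part of the original post: a small audit for the '+' entry the post describes, written as a shell function for hosts.equiv or .rhosts style files. It goes one step beyond the post by also flagging '+' in the user field. The function name `audit_equiv`, the sample host names, and the treatment of lines starting with `#` as comments are assumptions.

```shell
#!/bin/sh
# audit_equiv FILE
# Prints one "FILE:LINE: reason: text" line per wildcard trust entry.
# Returns 1 if any wildcard entry was found, 0 if the file is clean.
audit_equiv() {
    awk '
        function report(why) {
            printf "%s:%d: %s: %s\n", FILENAME, FNR, why, $0
            bad = 1
        }
        # Assumption: blank lines and lines starting with "#" carry no entry.
        /^[ \t]*#/ || NF == 0 { next }
        # Host field "+": every remote host is treated as equivalent.
        $1 == "+"            { report("any remote host is trusted") }
        # User field "+": every remote user on the named host is trusted.
        NF >= 2 && $2 == "+" { report("any remote user is trusted") }
        END { exit bad + 0 }
    ' "$1"
}

# Demo on a constructed sample (not taken from any real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed hosts.equiv sample
trusted.example.edu
+
other.example.edu +
EOF
audit_equiv "$sample" || echo "wildcard trust entries found in $sample"
rm -f "$sample"
```

To use it on a real system, call `audit_equiv /etc/hosts.equiv` and repeat for each user's `.rhosts`.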