Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!wuarchive!uunet!uswnvg!gbarnet
From: gbarnet@uswnvg.UUCP (Gary Barnette)
Newsgroups: comp.unix.admin
Subject: .rhosts and security
Keywords: rhosts, security, rsh, rlogin
Message-ID: <925@uswnvg.UUCP>
Date: 25 Jun 91 17:20:55 GMT
Organization: US West NewVector, Bellevue, Wash.
Lines: 23

I would like to know how some sites handle the incredible security hole opened up when a system crashes or a system is down for scheduled maintenance. A PC with the rsh command or a workstation can change its IP address and reboot, effectively masquerading as the downed multi-user machine. It can then perform rlogins or rshs as ROOT (or another user) to any other multi-user Unix system that has the downed system in its .rhosts file.

I know that this is not a new problem and the removal of the .rhosts files would prevent it, but as an administrator I don't know if I want to be a victim of my own policy.

Would Kerberos cure this security illness?

Thanks to all that contribute,

Gary Barnette
US West NewVector
{uunet, sequent}!uswnvg!gbarnet
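Before deciding whether to remove .rhosts files site-wide, an administrator usually wants an inventory of exactly which hosts are trusted, by which accounts, and how broadly. The following audit script is an added example and is not part of the original post or any vendor tool. It parses the rhosts/hosts.equiv line format (`host [user]`, with `+` as a wildcard and a leading `-` as a deny entry) and rates each entry by how much a host impersonating the trusted machine would gain. The hostnames, usernames and file contents below are constructed for illustration; the `audit_system()` helper walks the live system's /etc/hosts.equiv and every account's ~/.rhosts and is only called when the script is run directly.

```python
"""Audit rhosts-style trust files for host-based trust that an impersonated
host could abuse.  Added example, not part of the original post; the sample
file contents at the bottom are constructed."""
import os
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Ordering used to pick the worst finding in a set.
SEVERITY_ORDER = {"deny": 0, "medium": 1, "high": 2, "critical": 3}


@dataclass
class Finding:
    source: str            # which file the entry came from
    host: str              # "+" = any host, "@name" = netgroup, else a hostname
    user: Optional[str]    # None = same username as the account, "+" = any user
    severity: str
    note: str


def parse_line(line: str) -> Optional[Tuple[str, Optional[str], bool]]:
    """Return (host, user, negative) for one rhosts/hosts.equiv line, or None
    for blank lines and full-line '#' comments (treated as comments here).
    A leading '-' on either field denies instead of grants."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = line.split()
    host = fields[0]
    user = fields[1] if len(fields) > 1 else None
    negative = host.startswith("-") or (user is not None and user.startswith("-"))
    if host.startswith("-"):
        host = host[1:]
    if user is not None and user.startswith("-"):
        user = user[1:]
    return host, user, negative


def classify(host: str, user: Optional[str], negative: bool, owner: str) -> Tuple[str, str]:
    """Rate an entry for the account `owner` that the file belongs to."""
    if negative:
        return "deny", "explicit deny entry"
    if host == "+":
        return "critical", "any host on the network is trusted"
    if owner == "root":
        return "high", "password-less root login from this host"
    if user == "+":
        return "high", "any user on this host maps to the account"
    # The scenario from the post: a named host can be impersonated while down.
    return "medium", "trusted host can be impersonated while it is down"


def audit(text: str, owner: str, source: str) -> List[Finding]:
    """Parse one trust file's contents and return a Finding per entry."""
    findings = []
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        host, user, negative = parsed
        severity, note = classify(host, user, negative, owner)
        findings.append(Finding(source, host, user, severity, note))
    return findings


def worst(findings: List[Finding]) -> Optional[str]:
    """Highest severity among the findings, or None if there are none."""
    if not findings:
        return None
    return max((f.severity for f in findings), key=SEVERITY_ORDER.__getitem__)


def audit_system() -> List[Finding]:
    """Walk /etc/hosts.equiv and every account's ~/.rhosts on the live host."""
    import pwd  # Unix-only; imported here so the parsing code runs anywhere
    results = []
    if os.path.isfile("/etc/hosts.equiv"):
        with open("/etc/hosts.equiv") as fh:
            # hosts.equiv is not consulted for root, so rate it as a normal account
            results += audit(fh.read(), owner="<non-root>", source="/etc/hosts.equiv")
    for pw in pwd.getpwall():
        path = os.path.join(pw.pw_dir, ".rhosts")
        if os.path.isfile(path):
            with open(path) as fh:
                results += audit(fh.read(), owner=pw.pw_name, source=path)
    return results


# Constructed sample: what root's ~/.rhosts might look like on a server.
SAMPLE_ROOT_RHOSTS = """\
# hosts allowed to rsh/rlogin as root without a password
bigserver.example.com
devbox.example.com gary
+
-oldbox.example.com
"""

if __name__ == "__main__":
    sample = audit(SAMPLE_ROOT_RHOSTS, owner="root", source="/.rhosts (sample)")
    for f in sample:
        print(f"{f.severity:8} {f.source}: {f.host} {f.user or ''}  {f.note}")
    print("worst:", worst(sample))
```

Run on a real host, `audit_system()` gives the list of trusted machines whose outage would expose each account; the "medium" entries are the ones the post is worried about, and the "critical" wildcard entries are worth fixing regardless of any outage.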