Path: utzoo!utgpu!water!watmath!clyde!att!rutgers!gatech!ncar!ames!haven!ncifcrf!nlm-mcs!vax2.nlm.nih.gov!mjr
From: mjr@vax2.nlm.nih.gov.nlm.nih.gov (Marcus J. Ranum)
Newsgroups: comp.unix.wizards
Subject: Re: rlogin over trusted hosts...
Message-ID: <8268@nlm-mcs.arpa>
Date: 15 Oct 88 22:28:11 GMT
References: <3043@mipos3.intel.com>
Sender: nobody@nlm-mcs.arpa
Reply-To: mjr@vax2.nlm.nih.gov (Marcus J. Ranum)
Organization: Institute For Felinographical Studies
Lines: 19

In article <3043@mipos3.intel.com> rpartha@cadev4.UUCP () writes:
>
>    I noticed a possible problem with the "rlogin" command. Typically
>    the accounts such as "sys", "news", etc. cannot be logged into since
>    their /etc/passwd entries have a "*" in the password field. But, over
>    a network it is possible to login as "sys" or "news" etc. 

	I used to change the login shells on sys, bin, etc, to something
like /usr/games/fortune, but some versions (or is it all?)(I have seen
some that don't) of rshd always execute 'rsh' commands using 'sh -c <command>'
instead of the pw->shell field in the password file.

	I don't recall if 'bin' owns the stuff in /bin anymore - used to,
but that always was a pretty open hole, if 'bin' could get onto another
system and replace /bin/sh with a trojan horse. Possibilities like that
are endless - it's better to just keep people off your network if you
don't trust 'em :-)

--mjr();