Path: utzoo!utgpu!jarvis.csri.toronto.edu!clyde.concordia.ca!uunet!mcsun!hp4nl!solist!maestro!jand
From: jand@maestro.htsa.aha.nl (Jan Derriks)
Newsgroups: comp.unix.questions
Subject: How safe is rlogin protocol ?
Message-ID: <1562@maestro.htsa.aha.nl>
Date: 9 Mar 90 11:04:11 GMT
Sender: uucp@solist.htsa.aha.nl
Reply-To: jand@maestro.htsa.aha.nl (Jan Derriks)
Organization: AHA-TMF (Technical Institute), Amsterdam, The Netherlands
Lines: 20

> What About Those People
> Who Continue to Ask Stupid or Frequently Asked Questions

I suppose I'll be one of those now:

A student was so smart as to make a .rhosts file in uucppublic and was thus
able to work under uid=uucp. Fixing this, my colleague said it's always
possible to 'break in' to a user's account by talking the right protocol to
rlogind (if a .rhosts exists). Just say you're 'billy' and start a remote
shell as user 'billy'. Is it so easy? How is the rlogin protocol protected
against this?

>
>Just send them a polite mail message, possibly referring them to this document.
>There is no need to flame them on the net - it's busy enough as it is.
>

Thanx.
-- 
Jan Derriks                 | AHA-TMF (H.T.S. 'Amsterdam'),
jand@maestro.htsa.aha.nl    | Europaboulevard 23,
(or ..hp4nl!htsa!jand)      | 1079 PC Amsterdam,
phone: +31 20423827         | the Netherlands.