Path: utzoo!attcan!uunet!tut.cis.ohio-state.edu!zaphod.mps.ohio-state.edu!think!barmar
From: barmar@think.com (Barry Margolin)
Newsgroups: comp.unix.questions
Subject: Re: How safe is rlogin protocol ?
Message-ID: <34596@news.Think.COM>
Date: 10 Mar 90 19:12:07 GMT
References: <1562@maestro.htsa.aha.nl>
Sender: news@Think.COM
Reply-To: barmar@nugodot.think.com.UUCP (Barry Margolin)
Organization: Thinking Machines Corporation, Cambridge MA, USA
Lines: 17

In article <1562@maestro.htsa.aha.nl> jand@maestro.htsa.aha.nl (Jan Derriks) writes:
>  Just say your 'billy' and start a remote shell as user 'billy'.
>Is it so easy ? How is the rlogin protocol protected against this ?

Rlogind requires that the source port of the connection be in the range
from 512 to 1023, and Unix only allows root to open connections like this;
rlogin is setuid to root, and it always specifies the correct local user
name.  So long as Billy's .rhosts file only lists Unix hosts on which he
trust the superuser he's relatively safe.  However, if there are any
completely insecure systems (such as PC's) on the subnet then there can be
problems due to address spoofing, which renders the host names in the
.rhosts file ineffective.
--
Barry Margolin, Thinking Machines Corp.

barmar@think.com
{uunet,harvard}!think!barmar