The 'Security Digest' Archives (TM)


ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #338 [Something else to be paranoid about] (1 message, 496 bytes)
SOURCE: http://securitydigest.org/exec/display?f=phage/archive/338.txt&t=text/plain
NOTICE: securitydigest.org recognises the rights of all third-party works.

START OF DOCUMENT

From: Fred Blonder <fred@brillig.umd.edu>
To: phage
Date: Tue 19:30:17 06/12/1988 EST
Subject: Something else to be paranoid about

Try:

    awk -F: '{ print $6 }' /etc/passwd | sort -u | \
        sed 's/^.*$/ls -l &\/.rhosts/' | sh

to see the modes of all your users' .rhosts files. I found several here
that were mode -rw-rw-r-- , and one that was -rw-rw-rw- . I'll leave it
to your imagination as to all the fun ways you could exploit this.

I've been changing all my .rhosts files to mode ---------- , which
seems to work just fine for rlogin.
-----
					Fred Blonder
					Fred@Mimsy.umd.edu
					uunet!mimsy!fred

END OF DOCUMENT
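
An audit along the lines of the one-liner in the message above, as an added example that is not part of the original post: it reports every .rhosts that is group- or world-writable and, going beyond the post, any that is a symlink, without passing home directory names through sh. The function names and the constructed fixture (users alice, bob, carol, dave) are assumptions for illustration.

```sh
#!/bin/sh
# Added example, not from the original post: audit .rhosts modes.

# audit_rhosts [PASSWD_FILE]
# Prints "<finding> <mode> <path>" for each .rhosts that is a symlink or is
# writable by group or others. Home directories are handled as data only;
# nothing read from the passwd file is evaluated by a shell.
audit_rhosts() {
    awk -F: '$6 != "" { print $6 }' "${1:-/etc/passwd}" | sort -u |
    while IFS= read -r home; do
        f=$home/.rhosts
        # -e follows symlinks, so test -L as well to catch dangling links.
        [ -e "$f" ] || [ -L "$f" ] || continue
        # First 10 characters of the ls mode field, e.g. -rw-rw-r--
        mode=$(ls -ld -- "$f" | awk '{ print substr($1, 1, 10) }')
        case $mode in
            l*)          echo "SYMLINK $mode $f" ;;
            ????????w?)  echo "WORLD-WRITABLE $mode $f" ;;
            ?????w????)  echo "GROUP-WRITABLE $mode $f" ;;
        esac
    done
}

# Constructed fixture: a throwaway passwd file and home directories.
make_fixture() {
    d=$(mktemp -d) || return 1
    for spec in alice:600 bob:664 carol:666; do
        u=${spec%%:*}
        mkdir -p "$d/home/$u" && : > "$d/home/$u/.rhosts" &&
            chmod "${spec##*:}" "$d/home/$u/.rhosts" &&
            echo "$u:x:1000:100::$d/home/$u:/bin/sh" >> "$d/passwd"
    done
    echo "dave:x:1003:100::$d/home/dave:/bin/sh" >> "$d/passwd"   # no .rhosts
    echo "$d"
}

# Demo on the constructed fixture; pass /etc/passwd to audit a real host.
if fixture=$(make_fixture); then
    audit_rhosts "$fixture/passwd"
    rm -rf "$fixture"
fi
```

Run as root on a real host so that every home directory can be searched; an empty result means no .rhosts file was flagged.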