The 'Security Digest' Archives (TM)

ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #350 [Re: Something else to be paranoid about] (1 message, 687 bytes)


From: (Dave Borman)
To: phage
Date: Wed 11:41:30 07/12/1988 EST
Subject: Re: Something else to be paranoid about

About 3 months ago I modified the rcmd.c library routine in our
release to check the mode of the $HOME/.rhosts file, and if it has
group or world write permission, to ignore it.  It's a trivial change,
because it already stat()s the file to check the ownership. Just change
the check in ruserok() from:
		if (sbuf.st_uid && sbuf.st_uid != pwd->pw_uid) {
to:
		if ((sbuf.st_uid && sbuf.st_uid != pwd->pw_uid) ||
		    (sbuf.st_mode & 022)) {

Of course, if you want to be really safe, you should also check
the ownership/mode of the login directory.  If you are running on
a system that allows you to give away files (like System V), and
the login directory is group or world writeable, the offending
person could remove the current .rhosts file, install a new one
with the right modes, and chown it to the person who owns the
account...  Fun, huh?

		-Dave Borman, Cray Research, Inc.
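
Both checks from the message above (the `022` mode test on `.rhosts` and the ownership/mode test on the login directory) combined into one routine. This is an added example, not part of the original message and not the rcmd.c code; `perms_ok()`, `rhosts_trusted()` and `demo()` are hypothetical names, and the temporary directory is constructed for the demo.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700            /* for mkdtemp() and O_NOFOLLOW */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: owner is root or the account, and no group/world write (022). */
static int perms_ok(const struct stat *sb, uid_t uid)
{
    return (sb->st_uid == 0 || sb->st_uid == uid) && !(sb->st_mode & 022);
}

/* Returns 1 if home/.rhosts may be honoured for uid, 0 if it must be ignored. */
int rhosts_trusted(const char *home, uid_t uid)
{
    char path[4096];
    struct stat dsb, fsb;
    int fd, ok;
    /* The login directory: whoever can write it can replace .rhosts. */
    if (stat(home, &dsb) != 0 || !S_ISDIR(dsb.st_mode) || !perms_ok(&dsb, uid))
        return 0;
    if (snprintf(path, sizeof path, "%s/.rhosts", home) >= (int)sizeof path)
        return 0;
    /* fstat() the opened descriptor so the check and the read see the same file. */
    if ((fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK)) < 0)
        return 0;
    ok = fstat(fd, &fsb) == 0 && S_ISREG(fsb.st_mode) && perms_ok(&fsb, uid);
    close(fd);
    return ok;
}

/* Constructed demo: build a throwaway home with the given modes and check it. */
int demo(mode_t dir_mode, mode_t file_mode)
{
    char home[] = "/tmp/rhosts-demo-XXXXXX", path[64];
    int fd, r;
    if (!mkdtemp(home)) return -1;
    snprintf(path, sizeof path, "%s/.rhosts", home);
    if ((fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600)) < 0) { rmdir(home); return -1; }
    close(fd);
    chmod(path, file_mode);          /* set modes explicitly, independent of umask */
    chmod(home, dir_mode);
    r = rhosts_trusted(home, getuid());
    unlink(path); rmdir(home);
    return r;
}
```

The login directory check only covers the last path component; a writable parent directory is outside what this routine examines.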