This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.



Re: login: no shell: /bin/bash: Permission denied


Peter Buckley wrote:

> 
>> Regardless, to me it still would be a large security hole if all one 
>> needs to do is:
>>
>> $ echo "+" > ~/.rhosts
>>
>> to be able to abuse rsh to do something under somebody else's user ID 
>> is it not?
> 
> rsh is inherently insecure. Attempts to make it secure are not 
> worthwhile (in fact, they tend to break rsh). Especially in the land of 
> NT insecurity, trying to make rsh secure simply makes it unusable.

What are you talking about?!? It's simple, if rsh is called with the -l 
parameter (assuming it's not -l <current user>) then prompt for a 
password. If that's not doable then fail with an error message of some 
sort. But lord's sakes laddy! Don't just let them walk in! :-)
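
The `+` entry quoted above is a wildcard trust entry, and it can be found by auditing the files themselves. The shell functions below are an added example, not part of the original message or of Cygwin's code; the `host [user]` line format, the `#` comment handling, the function names and the sample data in `demo` are assumptions.

```shell
#!/bin/sh
# Added example: flag "+" wildcard trust entries in rhosts-style files.
# Assumed entry format: "host [user]", with "#" starting a comment line.

# audit_rhosts FILE
# Prints one line per wildcard field. Returns 0 if clean, 1 if a wildcard
# was found, 2 if FILE cannot be read.
audit_rhosts() {
    [ -r "$1" ] || { echo "cannot read: $1" >&2; return 2; }
    awk '
        NF == 0 || $1 ~ /^#/ { next }    # skip blank lines and comments
        $1 == "+" { printf "%s:%d: host field \"+\" matches any host\n", FILENAME, FNR; bad = 1 }
        $2 == "+" { printf "%s:%d: user field \"+\" matches any remote user\n", FILENAME, FNR; bad = 1 }
        END { exit bad ? 1 : 0 }
    ' "$1"
}

# audit_tree BASE
# Checks BASE/*/.rhosts, where BASE is a directory of home directories.
# Returns 1 if any file had a finding or was unreadable, else 0.
audit_tree() {
    rc=0
    for f in "$1"/*/.rhosts; do
        [ -f "$f" ] || continue
        audit_rhosts "$f" || rc=1
    done
    return "$rc"
}

# demo: runs the audit over constructed sample data in a temporary directory.
demo() {
    base=$(mktemp -d) || return 2
    mkdir "$base/alice" "$base/bob"
    echo "+" > "$base/alice/.rhosts"                              # the case from the message
    printf '# build host\nbuildhost bob\n' > "$base/bob/.rhosts"  # specific host and user
    status=0
    audit_tree "$base" || status=$?
    rm -rf "$base"
    return "$status"
}
```

Calling `demo` reports the constructed `alice/.rhosts` and returns 1; on a real system, `audit_tree /home` is the equivalent call.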



