[3] in bugtraq

home help back first fref pref prev next nref lref last post

Re: Internet Worm

daemon@ATHENA.MIT.EDU (Joe Konczal)
Mon Oct 17 17:31:53 1994

Date: Mon, 17 Oct 1994 15:25:35 -0400
From: Joe Konczal <jkonczal@nist.gov>
To: jseng@darwin.technet.sg
Cc: nlawson@galaxy.csc.calpoly.edu, bugtraq@fc.net
In-Reply-To: <Pine.BSI.3.90.941015132013.18469G-100000@darwin.technet.sg> (message from James Seng on Sat, 15 Oct 1994 13:29:15 +0800 (SST))

>>>>> "James" == James Seng <jseng@darwin.technet.sg> writes:

    James> Anyway, what i did on my system is put a .rhosts file in
    James> every user directory. chmod 000 .rhosts and chown root
    James> .rhosts. Not all user needs .rhosts file. Those who wants
    James> to use them email me and i will chown back to them. (any
    James> problem with that? :-)

The problem is, if users have write permission on their home
directories, then they can delete the root-owned .rhosts files and
create their own.

-- 
Joe Konczal  <jkonczal@nist.gov>		
National Institute of Standards and Technology
Tech. A62
Gaithersburg, MD  20899
(301) 975-3285

home help back first fref pref prev next nref lref last post