[1612] in linux-security and linux-alert archive
[linux-security] Re: Re: Re: Re: Security Concern..
daemon@ATHENA.MIT.EDU (Pluto)
Sun Sep 21 04:01:40 1997
Date: Sun, 21 Sep 1997 04:50:08 +0100 (GMT+0100)
From: Pluto <pluto@berlin.snafu.de>
Reply-To: acheron@berlin.snafu.de
To: linux-security@redhat.com
In-Reply-To: <199709181810.OAA00605@burgundy.eecs.harvard.edu>
Resent-From: linux-security@redhat.com
-----BEGIN PGP SIGNED MESSAGE-----
On Thu, 18 Sep 1997, David Holland wrote:
> > >> >-rwsr-xr-x 1 root bin 13937 Dec 5 1995 /usr/bin/rcp
> > >> and also this one
> > >
> > >losing rcp functionality.
> >
> > Nope. 'rcp' calls the privileged 'rsh' to perform the actual protocol.
> > 'rcp' itself doesn't need privileges at all, and IIRC it tries to throw
> > them away if it discovers that it has them.
>
> I wish. It uses rcmd().
>
> The long term solution to this problem is to change rcmd() to call
> "/usr/bin/rsh" (which can easily be made a symlink to some more useful
> equivalent like ssh) and compile the actual rcmd() functionality into
Salve,
There is an SSLrsh build from SSLeay. Though I'ven't tried it by now. They
announce that it is validating hosts w/ certs. IMHO this seems like
it would be a noticably more secure improvement over port validation and
SSH as certs include more information about the host attempting to connect
than public keys.
Have a look at: http://www.quik.com.au/sjg/SSLrsh.html
Yours
Pluto
/*------------------------------------------------------------------*\
Free information! Freedom through knowledge. Wisdom for all!! =:-)
Key fingerprint: 1F 3F EA 94 D0 56 A6 86 4D 19 C4 56 6C F9 43 44
----- Your todays fortune cookie ------
TAILFINS!! ... click ...
----- End of furtune ------
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv
iQCVAgUBNCSZdMSyBNtyYarNAQHAKQP/ZTZ/CI+6LmXxSG/O1AaTcrwCUnCZtt5R
sBR5LfqxjLHxft/x9t7nvUec+zzjLuoog+kAbzZOH1JHXEGRRdG889tRFad2q6To
lADdmEvlB6c5eNmm7TzOKbFUotxL/8sRgsjifl+UuCL1Zi05OgElApTqT5lfbueI
+xHaQQp2zvE=
=jkJG
-----END PGP SIGNATURE-----