[1618] in linux-security and linux-alert archive
[linux-security] rwhod is naive
daemon@ATHENA.MIT.EDU (David Holland)
Tue Sep 23 04:35:41 1997
From: David Holland <dholland@eecs.harvard.edu>
To: linux-security@redhat.com
Date: Mon, 22 Sep 1997 23:32:12 -0400 (EDT)
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com
It seems that when you send rwhod an rwho packet, it blindly assumes
you are who the packet says you are. That is to say, it looks as if
any host can inject false rwho data for any other host.
I'm not convinced this is worth fixing. Opinions?
--
- David A. Holland | VINO project home page:
dholland@eecs.harvard.edu | http://www.eecs.harvard.edu/vino
--
----------------------------------------------------------------------
Please refere to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe: mail -s unsubscribe test-list-request@redhat.com < /dev/null