[1618] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] rwhod is naive

daemon@ATHENA.MIT.EDU (David Holland)
Tue Sep 23 04:35:41 1997

From: David Holland <dholland@eecs.harvard.edu>
To: linux-security@redhat.com
Date: Mon, 22 Sep 1997 23:32:12 -0400 (EDT)
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com

It seems that when you send rwhod an rwho packet, it blindly assumes
you are who the packet says you are. That is to say, it looks as if
any host can inject false rwho data for any other host.

I'm not convinced this is worth fixing. Opinions?

-- 
   - David A. Holland             |    VINO project home page:
     dholland@eecs.harvard.edu    | http://www.eecs.harvard.edu/vino

--
----------------------------------------------------------------------
Please refere to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------

To unsubscribe: mail -s unsubscribe test-list-request@redhat.com < /dev/null


home help back first fref pref prev next nref lref last post