[1619] in linux-security and linux-alert archive
[linux-security] Re: rwhod is naive
daemon@ATHENA.MIT.EDU (Olaf Kirch)
Tue Sep 23 08:43:21 1997
Date: Tue, 23 Sep 1997 11:17:09 +0200
From: Olaf Kirch <okir@lst.de>
To: linux-security@redhat.com
In-Reply-To: <199709230332.XAA04005@burgundy.eecs.harvard.edu>; from David Holland on Mon, Sep 22, 1997 at 11:32:12PM -0400
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com
On Mon, Sep 22, 1997 at 11:32:12PM -0400, David Holland wrote:
> It seems that when you send rwhod an rwho packet, it blindly assumes
> you are who the packet says you are. That is to say, it looks as if
> any host can inject false rwho data for any other host.
I looked into rwhod recently because I was worried about hostnames
like ../../../etc/passwd. Fortunately, linux rwhod checks for these.
Concerning hostname spoofing: rwhod checks that the sender's UDP port
is 513. So you have to be root in order to spoof it, which is not much
different from doing it at the IP level.
> I'm not convinced this is worth fixing.
It isn't.
Olaf
--
Olaf Kirch | --- o --- Nous sommes du soleil we love when we play
okir@monad.swb.de | / | \ sol.dhoop.naytheet.ah kin.ir.samse.qurax
okir@lst.de +-------------------- Why Not?! -----------------------
--
----------------------------------------------------------------------
Please refere to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe: mail -s unsubscribe test-list-request@redhat.com < /dev/null