[1619] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: rwhod is naive

daemon@ATHENA.MIT.EDU (Olaf Kirch)
Tue Sep 23 08:43:21 1997

Date: Tue, 23 Sep 1997 11:17:09 +0200
From: Olaf Kirch <okir@lst.de>
To: linux-security@redhat.com
In-Reply-To: <199709230332.XAA04005@burgundy.eecs.harvard.edu>; from David Holland on Mon, Sep 22, 1997 at 11:32:12PM -0400
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com

On Mon, Sep 22, 1997 at 11:32:12PM -0400, David Holland wrote:
> It seems that when you send rwhod an rwho packet, it blindly assumes
> you are who the packet says you are. That is to say, it looks as if
> any host can inject false rwho data for any other host.

I looked into rwhod recently because I was worried about hostnames
like ../../../etc/passwd. Fortunately, linux rwhod checks for these.

Concerning hostname spoofing: rwhod checks that the sender's UDP port
is 513. So you have to be root in order to spoof it, which is not much
different from doing it at the IP level.

> I'm not convinced this is worth fixing.

It isn't.

Olaf
-- 
Olaf Kirch         |  --- o --- Nous sommes du soleil we love when we play
okir@monad.swb.de  |    / | \   sol.dhoop.naytheet.ah kin.ir.samse.qurax
okir@lst.de        +-------------------- Why Not?! -----------------------

--
----------------------------------------------------------------------
Please refere to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------

To unsubscribe: mail -s unsubscribe test-list-request@redhat.com < /dev/null


home help back first fref pref prev next nref lref last post