[27312] in North American Network Operators' Group
Re: Cisco says attacks are due to operational practices
daemon@ATHENA.MIT.EDU (Adam McKenna)
Fri Feb 11 14:58:58 2000
Date: Fri, 11 Feb 2000 14:56:51 -0500
From: Adam McKenna <adam@flounder.net>
To: nanog@merit.edu
Message-ID: <20000211145651.G27240@flounder.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <20000212030724.E82000@ewok.creative.net.au>; from adrian@creative.net.au on Sat, Feb 12, 2000 at 03:07:25AM +0800
Errors-To: owner-nanog-outgoing@merit.edu
Also, I believe ssh won't do this if you remove the suid bit (which is
probably a good idea anyway).
--Adam
On Sat, Feb 12, 2000 at 03:07:25AM +0800, adrian@creative.net.au wrote:
> Its not a bug, its a leftover from rsh days - if the connection originates
> from a port below 1024, you could assume *cough* that the credentials the
> connection supplies are authentic, since the process needs to be root to
> bind to ports < 1024.
>
> This isn't a "but thats flawed!" discussion seed, take that to bugtraq.
>
> There's a flag to ssh somewhere to stop it doing that. Yup, -P .
>
> Adrian
