[4637] in bugtraq
Re: SOLARIS/CDE/DT cover up : dtspcd
daemon@ATHENA.MIT.EDU (Jon Trulson)
Fri Jun 6 03:03:59 1997
Date: Thu, 5 Jun 1997 12:01:07 -0600
Reply-To: jon@XiG.com
From: Jon Trulson <jon@XIG.COM>
X-To: "Anthony C. Zboralski" <anthony@sct.fr>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.LNX.3.95.970605051313.27002D-100000@turing.imm.net>
On Thu, 5 Jun 1997, Anthony C. Zboralski wrote:
> Date: Thu, 5 Jun 1997 05:37:48 +0200
> From: "Anthony C. Zboralski" <anthony@SCT.FR>
> To: BUGTRAQ@NETSPACE.ORG
> Subject: SOLARIS/CDE/DT cover up : dtspcd
>
> Have you ever heard of the CDE Subprocess Control daemon..
>
> dtspc 6112/tcp
>
> Well i don't really like dt, it is slow and the only window manager i like
> is Afterstep.. but one day when i logged on sol251.chump.flakes.org..
> it was running DT and there was this ugly application manager.. you got
> In the folder "Desktop Tools", i found this Xterm remote, terminal remote
> icons..
>
> One of them corresponded to xterm_dtspcd..
>
> I launched it and, oh well, it requested a remote hostname..
> i entered one that was on the same subnet... and it logged me in without
> asking for a password even though .rhosts and hosts.equiv were supposed to
> be restricted.. i looked around and found the guilty program:
>
> /usr/dt/bin/dtspcd
>
> aka CDE Subprocess Control daemon..
>
> and it was enabled by default in inetd.conf...
>
Hmmm. Are you reporting this as a security problem? dtspc
doesn't use hosts.equiv or rhosts... It uses X11 authentication
(~/.Xauthority)... If your home directory is the same on both machines (ie
nfs shared) then this behavior is normal, since .Xauthority's contents
will also be the same on both machines... If this is not the case, then
more information on your environment would be useful...
--
Jon Trulson work: mailto:jon@xig.com, home: mailto:jon@radscan.com
Xi Graphics, http://www.xig.com
ID: 1A9A2B09, FP: C23F328A721264E7 B6188192EC733962
PGP keys at finger:trulson@shell.rmi.net or http://home.rmi.net/~jon
#include <stddisclaimer.h>
FREE MARS!
