[2956] in bugtraq
Re: rdist exploit [bsdi]
daemon@ATHENA.MIT.EDU (Simon J. Gerraty)
Wed Jul 17 15:21:31 1996
Date: Thu, 18 Jul 1996 00:23:20 +1000
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
From: "Simon J. Gerraty" <sjg@quick.com.au>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
Chris Siebenmann writes:
> The real way to fix this hole in rdist is to run a version of rdist
> that is not setuid root. Patching the source and leaving rdist setuid
> root is just a bandaid until the next exploit is found.
Quite agree.
> The only reason rdist is setuid root is so it can use rcmd(); it is
> easy to write a replacement for rcmd() that forks rsh. I did this and
> announced it back in November of 1991, when the first rdist security
If you really want it safe, you can (soon) use SSLrdist (and SSLrcp,
SSLrsh etc). None of these are set-uid, as SSLr* don't bother with reserved
ports (what's the point?) and in general SSLrshd does not care
where the client is calling from - his certificate proves who he is.
The rdist is the current USC version but calling ssl_rcmd()
and yes you could just use rdist -P SSLrsh, but if you were updating multiple
hosts with a certificate that needed a passwd you'd get bored quickly.
I've not made a public release as currently you need BSD make to build it
and that upsets some folk, so when I've done a set of gmake makefiles
and configure etc, I'll put it up for ftp.
In the meantime, check out http://www.quick.com.au/sjg/SSLrsh.html
--
Simon J. Gerraty <sjg@zen.void.oz.au>
#include <disclaimer> /* imagine something _very_ witty here */
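The replacement rcmd() that the thread talks about, as an added example that is not code from this post, from rdist, or from SSLrsh: instead of calling rcmd(), which needs root to bind a reserved port, the caller forks and execs rsh with its stdin/stdout on one end of a socketpair and gets back a single fd to read and write, just as rcmd() would return. The rsh path is an assumption passed in by the caller; the demo function substitutes /bin/sh for rsh with a constructed one-line command so it runs offline. The point is the privilege boundary: the only setuid program left in the picture is rsh itself, and rdist can run as the invoking user.

```c
/* Added example (not the post's, rdist's or SSLrsh's code): an rcmd()-style
 * helper that gets its connection by forking rsh instead of binding a
 * reserved port, so the calling program needs no root privilege. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <errno.h>
#include <sys/socket.h>
#include <sys/wait.h>

/* Spawn argv[] with its stdin/stdout attached to one end of a socketpair.
 * Returns the parent's end of the pair (the rcmd()-style "remote" fd), or -1.
 * *pidp receives the child pid so the caller can reap it. */
int spawn_connected(char *const argv[], pid_t *pidp)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0) {
        close(sv[0]);
        close(sv[1]);
        return -1;
    }
    if (pid == 0) {
        /* child: talk to the parent over sv[1], then become argv[0] */
        close(sv[0]);
        if (dup2(sv[1], STDIN_FILENO) < 0 || dup2(sv[1], STDOUT_FILENO) < 0)
            _exit(127);
        if (sv[1] > STDERR_FILENO)
            close(sv[1]);
        execv(argv[0], argv);
        _exit(127);            /* exec failed */
    }
    close(sv[1]);
    if (pidp)
        *pidp = pid;
    return sv[0];
}

/* rcmd()-like replacement: runs "rsh -l user host cmd". The rsh binary at
 * rsh_path (an assumed path supplied by the caller) is the only thing that
 * still deals with reserved ports; this process stays unprivileged. */
int rsh_rcmd(const char *rsh_path, const char *host, const char *user,
             const char *cmd, pid_t *pidp)
{
    char *const argv[] = { (char *)rsh_path, "-l", (char *)user,
                           (char *)host, (char *)cmd, NULL };
    return spawn_connected(argv, pidp);
}

/* Send `in` to the child, close our write side, then collect its output
 * until EOF and reap the child. Returns bytes collected, or -1. */
ssize_t exchange(int fd, pid_t pid, const char *in, char *out, size_t outlen)
{
    size_t len = strlen(in), off = 0, got = 0;
    while (off < len) {
        ssize_t n = write(fd, in + off, len - off);
        if (n < 0) { if (errno == EINTR) continue; return -1; }
        off += (size_t)n;
    }
    shutdown(fd, SHUT_WR);
    while (got + 1 < outlen) {
        ssize_t n = read(fd, out + got, outlen - 1 - got);
        if (n < 0) { if (errno == EINTR) continue; return -1; }
        if (n == 0) break;
        got += (size_t)n;
    }
    out[got] = '\0';
    close(fd);
    waitpid(pid, NULL, 0);
    return (ssize_t)got;
}

/* Offline demo: /bin/sh stands in for rsh, echoing back a constructed line.
 * Returns the number of bytes the "remote" side sent back. */
int demo_roundtrip(char *out, size_t outlen)
{
    char *const argv[] = { "/bin/sh", "-c", "read x; echo got:$x", NULL };
    pid_t pid;
    int fd = spawn_connected(argv, &pid);
    if (fd < 0)
        return -1;
    return (int)exchange(fd, pid, "hello\n", out, outlen);
}

int main(void)
{
    char buf[64];
    int n = demo_roundtrip(buf, sizeof buf);
    printf("%d bytes back: %s", n, buf);
    return n < 0;
}
```

A real caller would pass the rsh path and wait on the returned fd exactly as it did on the rcmd() socket; rsh's own setuid handling of the reserved-port bind is untouched, so the trust decision on the far side is unchanged while rdist itself no longer runs as root.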