[3] in bugtraq
Re: Internet Worm
daemon@ATHENA.MIT.EDU (Joe Konczal)
Mon Oct 17 17:31:53 1994
Date: Mon, 17 Oct 1994 15:25:35 -0400
From: Joe Konczal <jkonczal@nist.gov>
To: jseng@darwin.technet.sg
Cc: nlawson@galaxy.csc.calpoly.edu, bugtraq@fc.net
In-Reply-To: <Pine.BSI.3.90.941015132013.18469G-100000@darwin.technet.sg> (message from James Seng on Sat, 15 Oct 1994 13:29:15 +0800 (SST))
>>>>> "James" == James Seng <jseng@darwin.technet.sg> writes:
James> Anyway, what i did on my system is put a .rhosts file in
James> every user directory. chmod 000 .rhosts and chown root
James> .rhosts. Not all user needs .rhosts file. Those who wants
James> to use them email me and i will chown back to them. (any
James> problem with that? :-)
The problem is, if users have write permission on their home
directories, then they can delete the root-owned .rhosts files and
create their own.
--
Joe Konczal <jkonczal@nist.gov>
National Institute of Standards and Technology
Tech. A62
Gaithersburg, MD 20899
(301) 975-3285
