Hello,

I was just investigating /etc/hosts.equiv and ~/.rhosts, and I was
quite serious in thinking that my system doesn't need both of them....

I then started to look carefully at my /etc and discovered a link
that reads like this:

0 lrwxrwx---  1 root  wheel  13 Mar 25 17:14 /etc/rmt -> /usr/sbin/rmt

man rmt:

rmt is a program used by the remote dump and restore programs through an
interprocess communication connection.  Traditionally it is used for
manipulating a magnetic tape drive but it may be used for regular file
access as well.  rmt is normally started up with an rcmd(3) or rcmdsh(3)
call.

[...]

BUGS:
====
People tempted to use this for a remote file access protocol are
discouraged.


man rcmd:

The rcmd() function is used by the superuser to execute a command on a
remote machine using an authentication scheme based on reserved port
numbers.
[...]
The rresvport() and rresvport_af() functions return a descriptor to a
socket with an address in the privileged port space.
[...]
The ruserok() function takes a remote host's name, two user names, and a
flag indicating whether the local user's name is that of the superuser.
Then, if the user is not the superuser, it checks the /etc/hosts.equiv
file.  If that lookup is not done, or is unsuccessful, the .rhosts in
the local user's home directory is checked to see if the request for
service is allowed.

If this file does not exist, is not a regular file, is owned by anyone
other than the user or the superuser, or is writeable by anyone other
than the owner, the check automatically fails.  Zero is returned if the
machine name is listed in the hosts.equiv file, or the host and remote
user name are found in the .rhosts file; otherwise ruserok() returns -1.

man rcmdsh:
The rcmdsh() function is used by normal users to execute a command on a
remote machine using an authentication scheme based on reserved port
numbers using ssh(1) or the value of rshprog (if non-null).


SUPERBUG (by myself):
========
One can be "tempted" to think of a ruserok() function that, once hacked,
can always return OK (0); otherwise, one can always revert to rcmdsh()
with the help of a "good" rshprog.


I'm here to ask for enlightenment about the opportunity to define
/etc/hosts.equiv and ~/.rhosts, but mainly whether it is still the case
(and why) to have this rmt link in etc. Last if not first, what is the
best practice to defend myself from the BUG and SUPERBUG listed above?


Thanks, appreciated.


-- Daniele Bonini
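
An added example, not part of the original message and not code from any project: a Python audit that looks for the two trust files discussed above and applies to each ~/.rhosts the automatic-failure conditions quoted from rcmd(3). The function names, the finding tuples, the use of lstat() and the skipping of '#' lines are assumptions of this example; the sample data in any test run is constructed.

```python
import os
import pwd
import stat

MISSING = "does not exist"


def rhosts_rejection_reason(path, user_uid):
    """First reason, per the quoted rcmd(3) text, that the .rhosts check fails; None if usable."""
    try:
        st = os.lstat(path)  # assumption: lstat, so a symlink counts as "not a regular file"
    except FileNotFoundError:
        return MISSING
    except OSError as exc:
        return f"cannot be examined ({exc.strerror})"
    if not stat.S_ISREG(st.st_mode):
        return "not a regular file"
    if st.st_uid not in (user_uid, 0):
        return "owned by someone other than the user or the superuser"
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return "writeable by someone other than the owner"
    return None


def trust_entries(path):
    """Non-blank, non-comment lines of a trust file; empty list if it cannot be read."""
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            lines = [line.strip() for line in fh]
    except OSError:
        return []
    return [line for line in lines if line and not line.startswith("#")]


def audit(accounts, hosts_equiv="/etc/hosts.equiv"):
    """accounts: iterable of (uid, home). Returns (path, reason, entries) per trust file present."""
    findings = []
    if os.path.lexists(hosts_equiv):
        findings.append((hosts_equiv, None, trust_entries(hosts_equiv)))
    for uid, home in accounts:
        path = os.path.join(home, ".rhosts")
        reason = rhosts_rejection_reason(path, uid)
        if reason != MISSING:
            findings.append((path, reason, trust_entries(path)))
    return findings


if __name__ == "__main__":
    for path, reason, entries in audit((p.pw_uid, p.pw_dir) for p in pwd.getpwall()):
        print(f"{path}: {reason or 'present and usable'}; {len(entries)} entries")
```

Run it as root so that every home directory can be examined; on a system that needs neither file, the expected output is nothing at all.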

