rlogin URLs
Jon Knight
J.P.Knight at lut.ac.uk
Wed Nov 22 08:59:01 EST 1995
On Tue, 21 Nov 1995, Eric R. Holst wrote:
> In fact, .rhosts files should be owned by root w/ -r------- permissions. If
> a system needs to have .rhosts files for rlogin access, empty .rhosts files
> could be installed in each users home directory.
Which doesn't help much as the user can just delete it still:
weeble# ls -la rhosttest
-r-------- 1 root 1 Nov 22 13:53 rhosttest
webble# ^D
weeble: rm rhosttest
rm: override protection 400 for rhosttest? y
weeble: ls rhosttest
rhosttest not found
weeble:
Plus if you're running NFS over a cluster with root mapped to nobody
(good for other security reasons), you'll need to give read access to
more than just the owner of the .rhosts file if you want to be able to use
the .rhosts file from a machine that mounts the user's $HOME over NFS.
Not good.
Have rlogin understood by a browser is just asking for trouble in a
public access area IMHO.
Jon
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Jon Knight, Researcher, Sysop and General Dogsbody, Department of Computer
Studies, Loughborough University of Technology, Leics., ENGLAND. LE11 3TU.
* I've found I now dream in Perl. More worryingly, I enjoy those dreams. *
More information about the Web4lib
mailing list