diff options
author | pst <pst@FreeBSD.org> | 1996-11-19 18:03:16 +0000 |
---|---|---|
committer | pst <pst@FreeBSD.org> | 1996-11-19 18:03:16 +0000 |
commit | 9b54175344028e4b01b450a1467b60ee7e047d47 (patch) | |
tree | 00d614db52b50f3446b31dd33c8db7c6839e3eb7 /libexec/rexecd/rexecd.8 | |
parent | 9fd5d9c917b006a363b507b9d21fe5fa7b40ce87 (diff) | |
download | FreeBSD-src-9b54175344028e4b01b450a1467b60ee7e047d47.zip FreeBSD-src-9b54175344028e4b01b450a1467b60ee7e047d47.tar.gz |
Do not attempt to open reverse channel until authentication phase has
succeeded.
Never allow the reverse channel to be to a privileged port.
Cannidate for: 2.1 and 2.2 branches
Reviewed by: pst (with local cleanups)
Submitted by: Cy Shubert <cy@cwsys.cwent.com>
Obtained from: Jaeger <jaeger@dhp.com> via BUGTRAQ
Diffstat (limited to 'libexec/rexecd/rexecd.8')
-rw-r--r-- | libexec/rexecd/rexecd.8 | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/libexec/rexecd/rexecd.8 b/libexec/rexecd/rexecd.8 index df89504..5103465 100644 --- a/libexec/rexecd/rexecd.8 +++ b/libexec/rexecd/rexecd.8 @@ -30,7 +30,7 @@ .\" SUCH DAMAGE. .\" .\" @(#)rexecd.8 8.2 (Berkeley) 12/11/93 -.\" $Id$ +.\" $Id: rexecd.8,v 1.3 1996/09/22 21:54:42 wosch Exp $ .\" .Dd September 23, 1994 .Dt REXECD 8 @@ -99,8 +99,11 @@ by .El .Sh CAVEATS .Nm Rexecd -will no longer allow root logins, access for users listed in /etc/ftpusers, -or access for users with no passwords, which were all serious security holes. +will no longer allow root logins, +access for users listed in /etc/ftpusers, +access for users with no passwords, +or reverse connections to privileged ports, +which were all serious security holes. The entire concept of rexec/rexecd is a major security hole and an example of how not to do things. .Nm Rexecd |