diff options
author | pst <pst@FreeBSD.org> | 1994-09-29 09:23:58 +0000 |
---|---|---|
committer | pst <pst@FreeBSD.org> | 1994-09-29 09:23:58 +0000 |
commit | e9556ba2e90e4e57341987d1dc36049447bbf5c7 (patch) | |
tree | bb841847fffef7d21405f7ae8b75f4fc2b527bdf /libexec/rexecd/rexecd.8 | |
parent | 8f24a60e020336675f10edb03bc7d8ceddf10aa2 (diff) | |
download | FreeBSD-src-e9556ba2e90e4e57341987d1dc36049447bbf5c7.zip FreeBSD-src-e9556ba2e90e4e57341987d1dc36049447bbf5c7.tar.gz |
Tighen up rexecd(8) security (see manual page for details).
Rexecd is a crock, it never should have been written, however make it so
that people who have a need to run it don't hurt themselves so badly.
Obtained from: Ideas obtained from logdaemon 4.3 from Wietse Venema
Diffstat (limited to 'libexec/rexecd/rexecd.8')
-rw-r--r-- | libexec/rexecd/rexecd.8 | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/libexec/rexecd/rexecd.8 b/libexec/rexecd/rexecd.8 index 2dda22b..34059b8 100644 --- a/libexec/rexecd/rexecd.8 +++ b/libexec/rexecd/rexecd.8 @@ -31,7 +31,7 @@ .\" .\" @(#)rexecd.8 8.2 (Berkeley) 12/11/93 .\" -.Dd December 11, 1993 +.Dd September 23, 1994 .Dt REXECD 8 .Os BSD 4.2 .Sh NAME @@ -96,6 +96,14 @@ shell inherits the network connections established by .Nm rexecd . .El +.Sh CAVEATS +.Nm Rexecd +will no longer allow root logins, access for users listed in /etc/ftpusers, +or access for users with no passwords, which were all serious security holes. +The entire concept of rexec/rexecd is a major security hole and an example +of how not to do things. +.Nm Rexecd +is disabled by default in /etc/inetd.conf. .Sh DIAGNOSTICS Except for the last one listed below, all diagnostic messages are returned on the initial socket, @@ -135,10 +143,6 @@ and is not preceded by a flag byte. .Sh SEE ALSO .Xr rexec 3 .Sh BUGS -Indicating ``Login incorrect'' as opposed to ``Password incorrect'' -is a security breach which allows people to probe a system for users -with null passwords. -.Pp A facility to allow all data and password exchanges to be encrypted should be present. .Sh HISTORY |