author: pst <pst@FreeBSD.org> 1994-09-29 09:23:58 +0000
committer: pst <pst@FreeBSD.org> 1994-09-29 09:23:58 +0000
commit: e9556ba2e90e4e57341987d1dc36049447bbf5c7
tree: bb841847fffef7d21405f7ae8b75f4fc2b527bdf /libexec/rexecd/rexecd.8
parent: 8f24a60e020336675f10edb03bc7d8ceddf10aa2
Tighten up rexecd(8) security (see manual page for details).
Rexecd is a crock, it never should have been written, however make it so that people who have a need to run it don't hurt themselves so badly.
Obtained from: Ideas obtained from logdaemon 4.3 from Wietse Venema
Diffstat (limited to 'libexec/rexecd/rexecd.8')
-rw-r--r-- libexec/rexecd/rexecd.8 14
1 files changed, 9 insertions, 5 deletions
diff --git a/libexec/rexecd/rexecd.8 b/libexec/rexecd/rexecd.8
index 2dda22b..34059b8 100644
--- a/libexec/rexecd/rexecd.8
+++ b/libexec/rexecd/rexecd.8
@@ -31,7 +31,7 @@
.\"
.\" @(#)rexecd.8 8.2 (Berkeley) 12/11/93
.\"
-.Dd December 11, 1993
+.Dd September 23, 1994
.Dt REXECD 8
.Os BSD 4.2
.Sh NAME
@@ -96,6 +96,14 @@ shell inherits the network connections established
by
.Nm rexecd .
.El
+.Sh CAVEATS
+.Nm Rexecd
+will no longer allow root logins, access for users listed in /etc/ftpusers,
+or access for users with no passwords, which were all serious security holes.
+The entire concept of rexec/rexecd is a major security hole and an example
+of how not to do things.
+.Nm Rexecd
+is disabled by default in /etc/inetd.conf.
.Sh DIAGNOSTICS
Except for the last one listed below,
all diagnostic messages are returned on the initial socket,
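Review bot: the new CAVEATS paragraph words the restrictions as a change ("will no longer allow root logins, ...") and never says what a refused client receives, so an administrator cannot tell from the page which DIAGNOSTICS message a rejected root, /etc/ftpusers or empty-password login produces. Suggest stating the behaviour in the present tense (for example "Rexecd refuses root logins, users listed in /etc/ftpusers, and users with no password"), marking /etc/ftpusers and /etc/inetd.conf with .Pa so they render as paths, and adding or cross-referencing the diagnostic returned for these refusals in the DIAGNOSTICS section that follows.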
@@ -135,10 +143,6 @@ and is not preceded by a flag byte.
.Sh SEE ALSO
.Xr rexec 3
.Sh BUGS
-Indicating ``Login incorrect'' as opposed to ``Password incorrect''
-is a security breach which allows people to probe a system for users
-with null passwords.
-.Pp
A facility to allow all data and password exchanges to be encrypted should be
present.
.Sh HISTORY
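Review bot: dropping the BUGS paragraph about ``Login incorrect'' versus ``Password incorrect'' implies the two responses no longer leak anything, but none of the hunks in this file touches the DIAGNOSTICS entries themselves. If the daemon still returns distinct messages, refusing empty-password accounts closes the null-password probe while a remote client can still tell a valid user name from an invalid one. Suggest either confirming that the daemon now returns a single message and updating DIAGNOSTICS in the same commit, or keeping a shortened BUGS note that the distinct messages reveal which account names exist.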