summaryrefslogtreecommitdiffstats
path: root/libexec/rexecd
diff options
context:
space:
mode:
authorpst <pst@FreeBSD.org>1994-09-29 09:23:58 +0000
committerpst <pst@FreeBSD.org>1994-09-29 09:23:58 +0000
commite9556ba2e90e4e57341987d1dc36049447bbf5c7 (patch)
treebb841847fffef7d21405f7ae8b75f4fc2b527bdf /libexec/rexecd
parent8f24a60e020336675f10edb03bc7d8ceddf10aa2 (diff)
downloadFreeBSD-src-e9556ba2e90e4e57341987d1dc36049447bbf5c7.zip
FreeBSD-src-e9556ba2e90e4e57341987d1dc36049447bbf5c7.tar.gz
Tighen up rexecd(8) security (see manual page for details).
Rexecd is a crock, it never should have been written, however make it so that people who have a need to run it don't hurt themselves so badly. Obtained from: Ideas obtained from logdaemon 4.3 from Wietse Venema
Diffstat (limited to 'libexec/rexecd')
-rw-r--r--libexec/rexecd/rexecd.814
-rw-r--r--libexec/rexecd/rexecd.c60
2 files changed, 58 insertions, 16 deletions
diff --git a/libexec/rexecd/rexecd.8 b/libexec/rexecd/rexecd.8
index 2dda22b..34059b8 100644
--- a/libexec/rexecd/rexecd.8
+++ b/libexec/rexecd/rexecd.8
@@ -31,7 +31,7 @@
.\"
.\" @(#)rexecd.8 8.2 (Berkeley) 12/11/93
.\"
-.Dd December 11, 1993
+.Dd September 23, 1994
.Dt REXECD 8
.Os BSD 4.2
.Sh NAME
@@ -96,6 +96,14 @@ shell inherits the network connections established
by
.Nm rexecd .
.El
+.Sh CAVEATS
+.Nm Rexecd
+will no longer allow root logins, access for users listed in /etc/ftpusers,
+or access for users with no passwords, which were all serious security holes.
+The entire concept of rexec/rexecd is a major security hole and an example
+of how not to do things.
+.Nm Rexecd
+is disabled by default in /etc/inetd.conf.
.Sh DIAGNOSTICS
Except for the last one listed below,
all diagnostic messages are returned on the initial socket,
@@ -135,10 +143,6 @@ and is not preceded by a flag byte.
.Sh SEE ALSO
.Xr rexec 3
.Sh BUGS
-Indicating ``Login incorrect'' as opposed to ``Password incorrect''
-is a security breach which allows people to probe a system for users
-with null passwords.
-.Pp
A facility to allow all data and password exchanges to be encrypted should be
present.
.Sh HISTORY
diff --git a/libexec/rexecd/rexecd.c b/libexec/rexecd/rexecd.c
index 7779934..679f540 100644
--- a/libexec/rexecd/rexecd.c
+++ b/libexec/rexecd/rexecd.c
@@ -47,6 +47,7 @@ static char sccsid[] = "@(#)rexecd.c 8.1 (Berkeley) 6/4/93";
#include <sys/time.h>
#include <netinet/in.h>
+#include <arpa/inet.h>
#include <errno.h>
#include <netdb.h>
@@ -57,10 +58,23 @@ static char sccsid[] = "@(#)rexecd.c 8.1 (Berkeley) 6/4/93";
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
+#include <syslog.h>
+#include <netdb.h>
/*VARARGS1*/
int error();
+char username[20] = "USER=";
+char homedir[64] = "HOME=";
+char shell[64] = "SHELL=";
+char path[sizeof(_PATH_DEFPATH) + sizeof("PATH=")] = "PATH=";
+char *envinit[] =
+ {homedir, shell, path, username, 0};
+char **environ;
+char *remote;
+
+struct sockaddr_in asin = { AF_INET };
+
/*
* remote execute server:
* username\0
@@ -75,30 +89,29 @@ main(argc, argv)
{
struct sockaddr_in from;
int fromlen;
+ struct hostent *hp;
+ openlog(argv[0], LOG_PID, LOG_AUTH);
fromlen = sizeof (from);
if (getpeername(0, (struct sockaddr *)&from, &fromlen) < 0) {
(void)fprintf(stderr,
"rexecd: getpeername: %s\n", strerror(errno));
exit(1);
}
- doit(0, &from);
-}
-char username[20] = "USER=";
-char homedir[64] = "HOME=";
-char shell[64] = "SHELL=";
-char path[sizeof(_PATH_DEFPATH) + sizeof("PATH=")] = "PATH=";
-char *envinit[] =
- {homedir, shell, path, username, 0};
-char **environ;
+ hp = gethostbyaddr((char *) &from.sin_addr, sizeof(from.sin_addr),
+ from.sin_family);
+ remote = inet_ntoa(from.sin_addr);
+ remote = (hp != NULL) ? hp->h_name : inet_ntoa(from.sin_addr);
-struct sockaddr_in asin = { AF_INET };
+ doit(0, &from);
+}
doit(f, fromp)
int f;
struct sockaddr_in *fromp;
{
+ FILE *fp;
char cmdbuf[NCARGS+1], *cp, *namep;
#ifdef SKEY
char *skey_crypt();
@@ -168,10 +181,35 @@ doit(f, fromp)
namep = crypt(pass, pwd->pw_passwd);
#endif /* SKEY */
if (strcmp(namep, pwd->pw_passwd)) {
- error("Password incorrect.\n");
+ syslog(LOG_ERR, "LOGIN FAILURE from %s, %s",
+ remote, user);
+ error("Login incorrect.\n");
exit(1);
}
}
+
+ if (pwd->pw_uid == 0 || *pwd->pw_passwd == '\0') {
+ syslog(LOG_ERR, "%s LOGIN REFUSED from %s", user, remote);
+ error("Login incorrect.\n");
+ exit(1);
+ }
+
+ if ((fp = fopen(_PATH_FTPUSERS, "r")) != NULL) {
+ while (fgets(buf, sizeof(buf), fp) != NULL) {
+ if ((cp = index(buf, '\n')) != NULL)
+ *cp = '\0';
+ if (strcmp(buf, pwd->pw_name) == 0) {
+ syslog(LOG_ERR, "%s LOGIN REFUSED from %s",
+ user, remote);
+ error("Login incorrect.\n");
+ exit(1);
+ }
+ }
+ }
+ (void) fclose(fp);
+
+ syslog(LOG_INFO, "login from %s as %s", remote, user);
+
if (chdir(pwd->pw_dir) < 0) {
error("No remote directory.\n");
exit(1);
OpenPOWER on IntegriCloud