diff options
author | pst <pst@FreeBSD.org> | 1994-09-29 09:23:58 +0000 |
---|---|---|
committer | pst <pst@FreeBSD.org> | 1994-09-29 09:23:58 +0000 |
commit | e9556ba2e90e4e57341987d1dc36049447bbf5c7 (patch) | |
tree | bb841847fffef7d21405f7ae8b75f4fc2b527bdf /libexec/rexecd | |
parent | 8f24a60e020336675f10edb03bc7d8ceddf10aa2 (diff) | |
download | FreeBSD-src-e9556ba2e90e4e57341987d1dc36049447bbf5c7.zip FreeBSD-src-e9556ba2e90e4e57341987d1dc36049447bbf5c7.tar.gz |
Tighen up rexecd(8) security (see manual page for details).
Rexecd is a crock, it never should have been written, however make it so
that people who have a need to run it don't hurt themselves so badly.
Obtained from: Ideas obtained from logdaemon 4.3 from Wietse Venema
Diffstat (limited to 'libexec/rexecd')
-rw-r--r-- | libexec/rexecd/rexecd.8 | 14 | ||||
-rw-r--r-- | libexec/rexecd/rexecd.c | 60 |
2 files changed, 58 insertions, 16 deletions
diff --git a/libexec/rexecd/rexecd.8 b/libexec/rexecd/rexecd.8 index 2dda22b..34059b8 100644 --- a/libexec/rexecd/rexecd.8 +++ b/libexec/rexecd/rexecd.8 @@ -31,7 +31,7 @@ .\" .\" @(#)rexecd.8 8.2 (Berkeley) 12/11/93 .\" -.Dd December 11, 1993 +.Dd September 23, 1994 .Dt REXECD 8 .Os BSD 4.2 .Sh NAME @@ -96,6 +96,14 @@ shell inherits the network connections established by .Nm rexecd . .El +.Sh CAVEATS +.Nm Rexecd +will no longer allow root logins, access for users listed in /etc/ftpusers, +or access for users with no passwords, which were all serious security holes. +The entire concept of rexec/rexecd is a major security hole and an example +of how not to do things. +.Nm Rexecd +is disabled by default in /etc/inetd.conf. .Sh DIAGNOSTICS Except for the last one listed below, all diagnostic messages are returned on the initial socket, @@ -135,10 +143,6 @@ and is not preceded by a flag byte. .Sh SEE ALSO .Xr rexec 3 .Sh BUGS -Indicating ``Login incorrect'' as opposed to ``Password incorrect'' -is a security breach which allows people to probe a system for users -with null passwords. -.Pp A facility to allow all data and password exchanges to be encrypted should be present. .Sh HISTORY diff --git a/libexec/rexecd/rexecd.c b/libexec/rexecd/rexecd.c index 7779934..679f540 100644 --- a/libexec/rexecd/rexecd.c +++ b/libexec/rexecd/rexecd.c @@ -47,6 +47,7 @@ static char sccsid[] = "@(#)rexecd.c 8.1 (Berkeley) 6/4/93"; #include <sys/time.h> #include <netinet/in.h> +#include <arpa/inet.h> #include <errno.h> #include <netdb.h> @@ -57,10 +58,23 @@ static char sccsid[] = "@(#)rexecd.c 8.1 (Berkeley) 6/4/93"; #include <stdlib.h> #include <string.h> #include <unistd.h> +#include <syslog.h> +#include <netdb.h> /*VARARGS1*/ int error(); +char username[20] = "USER="; +char homedir[64] = "HOME="; +char shell[64] = "SHELL="; +char path[sizeof(_PATH_DEFPATH) + sizeof("PATH=")] = "PATH="; +char *envinit[] = + {homedir, shell, path, username, 0}; +char **environ; +char *remote; + +struct sockaddr_in asin = { AF_INET }; + /* * remote execute server: * username\0 @@ -75,30 +89,29 @@ main(argc, argv) { struct sockaddr_in from; int fromlen; + struct hostent *hp; + openlog(argv[0], LOG_PID, LOG_AUTH); fromlen = sizeof (from); if (getpeername(0, (struct sockaddr *)&from, &fromlen) < 0) { (void)fprintf(stderr, "rexecd: getpeername: %s\n", strerror(errno)); exit(1); } - doit(0, &from); -} -char username[20] = "USER="; -char homedir[64] = "HOME="; -char shell[64] = "SHELL="; -char path[sizeof(_PATH_DEFPATH) + sizeof("PATH=")] = "PATH="; -char *envinit[] = - {homedir, shell, path, username, 0}; -char **environ; + hp = gethostbyaddr((char *) &from.sin_addr, sizeof(from.sin_addr), + from.sin_family); + remote = inet_ntoa(from.sin_addr); + remote = (hp != NULL) ? hp->h_name : inet_ntoa(from.sin_addr); -struct sockaddr_in asin = { AF_INET }; + doit(0, &from); +} doit(f, fromp) int f; struct sockaddr_in *fromp; { + FILE *fp; char cmdbuf[NCARGS+1], *cp, *namep; #ifdef SKEY char *skey_crypt(); @@ -168,10 +181,35 @@ doit(f, fromp) namep = crypt(pass, pwd->pw_passwd); #endif /* SKEY */ if (strcmp(namep, pwd->pw_passwd)) { - error("Password incorrect.\n"); + syslog(LOG_ERR, "LOGIN FAILURE from %s, %s", + remote, user); + error("Login incorrect.\n"); exit(1); } } + + if (pwd->pw_uid == 0 || *pwd->pw_passwd == '\0') { + syslog(LOG_ERR, "%s LOGIN REFUSED from %s", user, remote); + error("Login incorrect.\n"); + exit(1); + } + + if ((fp = fopen(_PATH_FTPUSERS, "r")) != NULL) { + while (fgets(buf, sizeof(buf), fp) != NULL) { + if ((cp = index(buf, '\n')) != NULL) + *cp = '\0'; + if (strcmp(buf, pwd->pw_name) == 0) { + syslog(LOG_ERR, "%s LOGIN REFUSED from %s", + user, remote); + error("Login incorrect.\n"); + exit(1); + } + } + } + (void) fclose(fp); + + syslog(LOG_INFO, "login from %s as %s", remote, user); + if (chdir(pwd->pw_dir) < 0) { error("No remote directory.\n"); exit(1); |