diff options
Diffstat (limited to 'libexec/rexecd/rexecd.8')
| -rw-r--r-- | libexec/rexecd/rexecd.8 | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/libexec/rexecd/rexecd.8 b/libexec/rexecd/rexecd.8 index 3035900..df89504 100644 --- a/libexec/rexecd/rexecd.8 +++ b/libexec/rexecd/rexecd.8 @@ -29,9 +29,10 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" @(#)rexecd.8 8.3 (Berkeley) 6/1/94 +.\" @(#)rexecd.8 8.2 (Berkeley) 12/11/93 +.\" $Id$ .\" -.Dd June 1, 1994 +.Dd September 23, 1994 .Dt REXECD 8 .Os BSD 4.2 .Sh NAME @@ -96,6 +97,14 @@ shell inherits the network connections established by .Nm rexecd . .El +.Sh CAVEATS +.Nm Rexecd +will no longer allow root logins, access for users listed in /etc/ftpusers, +or access for users with no passwords, which were all serious security holes. +The entire concept of rexec/rexecd is a major security hole and an example +of how not to do things. +.Nm Rexecd +is disabled by default in /etc/inetd.conf. .Sh DIAGNOSTICS Except for the last one listed below, all diagnostic messages are returned on the initial socket, @@ -117,7 +126,6 @@ list (as configured into the system). No password file entry for the user name existed. .It Sy Password incorrect. The wrong password was supplied. -.ne 1i .It Sy \&No remote directory. The .Xr chdir @@ -136,10 +144,6 @@ and is not preceded by a flag byte. .Sh SEE ALSO .Xr rexec 3 .Sh BUGS -Indicating ``Login incorrect'' as opposed to ``Password incorrect'' -is a security breach which allows people to probe a system for users -with null passwords. -.Pp A facility to allow all data and password exchanges to be encrypted should be present. .Sh HISTORY |
