From e9556ba2e90e4e57341987d1dc36049447bbf5c7 Mon Sep 17 00:00:00 2001
From: pst <pst@FreeBSD.org>
Date: Thu, 29 Sep 1994 09:23:58 +0000
Subject: Tighen up rexecd(8) security (see manual page for details). Rexecd is
 a crock, it never should have been written,  however make it so that people
 who have a need to run it don't hurt themselves so badly.

Obtained from: Ideas obtained from logdaemon 4.3 from Wietse Venema
---
 libexec/rexecd/rexecd.8 | 14 +++++++-----
 libexec/rexecd/rexecd.c | 60 ++++++++++++++++++++++++++++++++++++++++---------
 2 files changed, 58 insertions(+), 16 deletions(-)

(limited to 'libexec/rexecd')

diff --git a/libexec/rexecd/rexecd.8 b/libexec/rexecd/rexecd.8
index 2dda22b..34059b8 100644
--- a/libexec/rexecd/rexecd.8
+++ b/libexec/rexecd/rexecd.8
@@ -31,7 +31,7 @@
 .\"
 .\"     @(#)rexecd.8	8.2 (Berkeley) 12/11/93
 .\"
-.Dd December 11, 1993
+.Dd September 23, 1994
 .Dt REXECD 8
 .Os BSD 4.2
 .Sh NAME
@@ -96,6 +96,14 @@ shell inherits the network connections established
 by
 .Nm rexecd .
 .El
+.Sh CAVEATS
+.Nm Rexecd
+will no longer allow root logins, access for users listed in /etc/ftpusers,
+or access for users with no passwords, which were all serious security holes.
+The entire concept of rexec/rexecd is a major security hole and an example
+of how not to do things.
+.Nm Rexecd
+is disabled by default in /etc/inetd.conf.
 .Sh DIAGNOSTICS
 Except for the last one listed below,
 all diagnostic messages are returned on the initial socket,
@@ -135,10 +143,6 @@ and is not preceded by a flag byte.
 .Sh SEE ALSO
 .Xr rexec 3
 .Sh BUGS
-Indicating ``Login incorrect'' as opposed to ``Password incorrect''
-is a security breach which allows people to probe a system for users
-with null passwords.
-.Pp
 A facility to allow all data and password exchanges to be encrypted should be
 present.
 .Sh HISTORY
diff --git a/libexec/rexecd/rexecd.c b/libexec/rexecd/rexecd.c
index 7779934..679f540 100644
--- a/libexec/rexecd/rexecd.c
+++ b/libexec/rexecd/rexecd.c
@@ -47,6 +47,7 @@ static char sccsid[] = "@(#)rexecd.c	8.1 (Berkeley) 6/4/93";
 #include <sys/time.h>
 
 #include <netinet/in.h>
+#include <arpa/inet.h>
 
 #include <errno.h>
 #include <netdb.h>
@@ -57,10 +58,23 @@ static char sccsid[] = "@(#)rexecd.c	8.1 (Berkeley) 6/4/93";
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
+#include <syslog.h>
+#include <netdb.h>
 
 /*VARARGS1*/
 int error();
 
+char	username[20] = "USER=";
+char	homedir[64] = "HOME=";
+char	shell[64] = "SHELL=";
+char	path[sizeof(_PATH_DEFPATH) + sizeof("PATH=")] = "PATH=";
+char	*envinit[] =
+	    {homedir, shell, path, username, 0};
+char	**environ;
+char	*remote;
+
+struct	sockaddr_in asin = { AF_INET };
+
 /*
  * remote execute server:
  *	username\0
@@ -75,30 +89,29 @@ main(argc, argv)
 {
 	struct sockaddr_in from;
 	int fromlen;
+	struct hostent *hp;
 
+	openlog(argv[0], LOG_PID, LOG_AUTH);
 	fromlen = sizeof (from);
 	if (getpeername(0, (struct sockaddr *)&from, &fromlen) < 0) {
 		(void)fprintf(stderr,
 		    "rexecd: getpeername: %s\n", strerror(errno));
 		exit(1);
 	}
-	doit(0, &from);
-}
 
-char	username[20] = "USER=";
-char	homedir[64] = "HOME=";
-char	shell[64] = "SHELL=";
-char	path[sizeof(_PATH_DEFPATH) + sizeof("PATH=")] = "PATH=";
-char	*envinit[] =
-	    {homedir, shell, path, username, 0};
-char	**environ;
+	hp = gethostbyaddr((char *) &from.sin_addr, sizeof(from.sin_addr),
+			   from.sin_family);
+		remote = inet_ntoa(from.sin_addr);
+	remote = (hp != NULL) ? hp->h_name : inet_ntoa(from.sin_addr);
 
-struct	sockaddr_in asin = { AF_INET };
+	doit(0, &from);
+}
 
 doit(f, fromp)
 	int f;
 	struct sockaddr_in *fromp;
 {
+	FILE *fp;
 	char cmdbuf[NCARGS+1], *cp, *namep;
 #ifdef SKEY
 	char *skey_crypt();
@@ -168,10 +181,35 @@ doit(f, fromp)
 		namep = crypt(pass, pwd->pw_passwd);
 #endif /* SKEY */
 		if (strcmp(namep, pwd->pw_passwd)) {
-			error("Password incorrect.\n");
+			syslog(LOG_ERR, "LOGIN FAILURE from %s, %s",
+			       remote, user);
+			error("Login incorrect.\n");
 			exit(1);
 		}
 	}
+	
+	if (pwd->pw_uid == 0 || *pwd->pw_passwd == '\0') {
+		syslog(LOG_ERR, "%s LOGIN REFUSED from %s", user, remote);
+		error("Login incorrect.\n");
+		exit(1);
+	}
+
+	if ((fp = fopen(_PATH_FTPUSERS, "r")) != NULL) {
+		while (fgets(buf, sizeof(buf), fp) != NULL) {
+			if ((cp = index(buf, '\n')) != NULL)
+				*cp = '\0';
+			if (strcmp(buf, pwd->pw_name) == 0) {
+				syslog(LOG_ERR, "%s LOGIN REFUSED from %s",
+				       user, remote);
+				error("Login incorrect.\n");
+				exit(1);
+			}
+		}
+	}
+	(void) fclose(fp);
+
+	syslog(LOG_INFO, "login from %s as %s", remote, user);
+
 	if (chdir(pwd->pw_dir) < 0) {
 		error("No remote directory.\n");
 		exit(1);
-- 
cgit v1.1