> There are two issues. First, rlogin uses a very weak form of authentication;
> it's sometimes possible to spoof it. Second, the *source* port for rlogin
> is a random ``privileged'' port, and you probably don't want to allow
> unrestricted access in that range.
It's especially easy when you have 'non-secure' machines on your network,
such as PCs or Macs. Since there's no such thing as a privileged port on a
PC, it's trivial to create an rlogin session that specifies an arbitrary
user name.
I've seen similar problems with NFS clients on PCs. Many NFS implementations
I've seen allow you to specify an arbitrary userid as your 'client ID',
without any athentication by the server. So, for example, you can mount a
remote filesystem as user 'bin', and replace any arbitrary files
(/usr/bin/atrun is fast way to get root...)
The moral of this convoluted digression is that when it comes to security,
you *cannot* trust any information about the remote machine. Privileged
ports aren't, usernames and userids can be spoofed, and so on.
--
Main's Law: For every | C. Harald Koch Alias Research, Inc. Toronto, ON
action, there is an equal | chk @
alias .
com (work-related mail)
and opposite goverment | chk @
gpu .
utcs .
utoronto .
ca (permanent address)
program. | VE3TLA @
VE3OY .
#SCON .
ON .
CA .
NA (AMPRNet)
References:
|
|
