From Jim.Pirzyk@disney.com  Fri Aug 25 14:28:36 2000
Return-Path: <Jim.Pirzyk@disney.com>
Received: from mail11.disney.com (mail11.disney.com [208.246.35.55])
	by hub.freebsd.org (Postfix) with ESMTP id EBA1937B43F
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 25 Aug 2000 14:28:35 -0700 (PDT)
Received: from pain.corp.disney.com (pain.corp.disney.com [153.7.231.100])
	by mail11.disney.com (Switch-2.0.1/Switch-2.0.1) with SMTP id e7PLd3114662
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 25 Aug 2000 14:39:04 -0700 (PDT)
Received: from louie.fa.disney.com by pain.corp.disney.com with ESMTP for FreeBSD-gnats-submit@freebsd.org; Fri, 25 Aug 2000 14:28:59 -0700
Received: from plio.fan.fa.disney.com (plio.fan.fa.disney.com [153.7.118.2])
	by louie.fa.disney.com (8.9.2/8.9.2) with ESMTP id OAA26485
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 25 Aug 2000 14:28:30 -0700 (PDT)
	(envelope-from pirzyk@fa.disney.com)
Received: from snoopy.fan.fa.disney.com (snoopy.fan.fa.disney.com [172.30.228.110])
	by plio.fan.fa.disney.com (8.9.2/8.9.2) with ESMTP id OAA16470
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 25 Aug 2000 14:28:29 -0700 (PDT)
	(envelope-from pirzyk@fa.disney.com)
Received: (from pirzyk@localhost)
	by snoopy.fan.fa.disney.com (8.9.3/8.9.3) id OAA84574;
	Fri, 25 Aug 2000 14:28:32 -0700 (PDT)
	(envelope-from pirzyk@fa.disney.com)
Message-Id: <200008252128.OAA84574@snoopy.fan.fa.disney.com>
Date: Fri, 25 Aug 2000 14:28:32 -0700 (PDT)
From: Jim.Pirzyk@disney.com
Reply-To: Jim.Pirzyk@disney.com
To: FreeBSD-gnats-submit@freebsd.org
Subject: root login from trusted hosts
X-Send-Pr-Version: 3.2

>Number:         20847
>Category:       conf
>Synopsis:       Root login is allowed from trusted hosts
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Aug 25 14:30:00 PDT 2000
>Closed-Date:    Thu Aug 31 02:25:40 PDT 2000
>Last-Modified:  Thu Aug 31 02:27:31 PDT 2000
>Originator:     Jim Pirzyk
>Release:        FreeBSD 4.1-RELEASE i386
>Organization:
>Environment:

	Having machines in a netgroup file that are trusted between each other
	as root in the /root/.rhosts file.

>Description:

	Can rsh to a remote FreeBSD host as root if the /root/.rhosts file
	exists with the local host in it.  This is regardless of what the
	/etc/ttys file has in it (no secure entry on any of the networked
	ttys).  The /etc/login.access file is the default file with everying
	commented out

>How-To-Repeat:

	Have host A and B.  Be root on A and have A in B's /root/.rhosts
	file.  Then rsh B and see if you get in.

>Fix:

	Have this line in /etc/login.access:

-:root:ALL EXCEPT ttyv0 ttyv1 ttyv2 ttyv3 ttyv4 ttyv5 ttyv6 ttyv7 ttyv8

	This should be setup in the default system and the 'secure' option
	should be taken out of the /etc/ttys file as well as the ttys
	man page since it does not apply anymore.


>Release-Note:
>Audit-Trail:

From: Sheldon Hearn <sheldonh@uunet.co.za>
To: Jim.Pirzyk@disney.com
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: conf/20847: root login from trusted hosts 
Date: Mon, 28 Aug 2000 12:09:20 +0200

 On Fri, 25 Aug 2000 14:28:32 MST, Jim.Pirzyk@disney.com wrote:
 
 > 	Have host A and B.  Be root on A and have A in B's /root/.rhosts
 > 	file.  Then rsh B and see if you get in.
 
 Isn't that the whole point of /root/.rhosts?  It sounds like you're
 describing the intended use of the file.
 
 What am I missing here? :-)
 
 Ciao,
 Sheldon.
 

From: Jim Pirzyk <Jim.Pirzyk@disney.com>
To: Sheldon Hearn <sheldonh@uunet.co.za>, Jim.Pirzyk@disney.com
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: conf/20847: root login from trusted hosts
Date: Mon, 28 Aug 2000 08:36:39 -0700

 On Mon, 28 Aug 2000, Sheldon Hearn wrote:
 > On Fri, 25 Aug 2000 14:28:32 MST, Jim.Pirzyk@disney.com wrote:
 > 
 > > 	Have host A and B.  Be root on A and have A in B's /root/.rhosts
 > > 	file.  Then rsh B and see if you get in.
 > 
 > Isn't that the whole point of /root/.rhosts?  It sounds like you're
 > describing the intended use of the file.
 > 
 > What am I missing here? :-)
 
 But in the ttys(5) man page, that should override the /root/.rhosts file
 and it does in FBSD-3.4R (that I can test it on).
 
 The /root/.rhosts allows stuff like rsh B date but without the
 'secure' line in the ttys file, rlogin B should not work.  yes it is
 a very subtle differentation.
 
 Thanks
 
 - JimP
 
  >  > Ciao,
 > Sheldon.
 -- 
 --- @(#) $Id: dot.signature,v 1.9 2000/07/10 16:43:05 pirzyk Exp $
     __o   Jim.Pirzyk@disney.com -------------------------------------
  _'\<,_   Senior Systems Engineer, Walt Disney Feature Animation 
 (*)/ (*)  
 

From: Sheldon Hearn <sheldonh@uunet.co.za>
To: Jim Pirzyk <Jim.Pirzyk@disney.com>
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: conf/20847: root login from trusted hosts 
Date: Mon, 28 Aug 2000 17:47:40 +0200

 On Mon, 28 Aug 2000 08:36:39 MST, Jim Pirzyk wrote:
 
 > But in the ttys(5) man page, that should override the /root/.rhosts file
 > and it does in FBSD-3.4R (that I can test it on).
 
 Can you quote the part of the ttys(5) manual page that suggests that
 terminals which are not marked "secure" in /etc/ttys will not work with
 rsh root logins?  I'm not disagreeing with you, I'd just like to be
 convinced.
 
 Specifically, I can't find anything in the rsh(1) and rshd(8) manual
 pages to support what you're saying.
 
 Ciao,
 Sheldon.
 

From: Sheldon Hearn <sheldonh@uunet.co.za>
To: Jim Pirzyk <Jim.Pirzyk@disney.com>
Cc: freebsd-gnats-submit@freebsd.org
Subject: Re: conf/20847: root login from trusted hosts 
Date: Mon, 28 Aug 2000 17:57:48 +0200

 On Mon, 28 Aug 2000 08:50:07 MST, Jim Pirzyk wrote:
 
 > The 6th paragraph in the DESCRIPTION section of the man page.
 > 
 >      As flag values, the strings ``on'' and ``off'' specify that init(8)
 >      should (should not) execute the command given in the second field, while
 >      ``secure'' (if ``on'' is also specified) allows users with a uid of 0 to
 >      login on this line.  The flag ``dialin'' indicates that a tty entry de-
 >      scribes a dialin line, and ``network'' indicates that a tty entry pro-
 >      vides a network connection.  Either of these strings may also be speci-
 >      fied in the terminal type field.  The string ``window='' may be followed
 >      by a quoted command string which init(8) will execute before starting the
 >      command specified by the second field.
 
 One of us doesn't understand what ttys(5) is for.  :-)
 
 I think this is a non-issue and that you haven't understood how ttys(5)
 works, or how the r-utils work.  However, since I'm aware that I'm not
 an expert in this area, I'll leave the PR open for a second opinion.
 
 :-)
 
 Ciao,
 Sheldon.
 

From: Sheldon Hearn <sheldonh@uunet.co.za>
To: Jim Pirzyk <Jim.Pirzyk@disney.com>
Cc: freebsd-gnats-submit@freebsd.org
Subject: Re: conf/20847: root login from trusted hosts 
Date: Mon, 28 Aug 2000 18:57:26 +0200

 On Mon, 28 Aug 2000 09:01:11 MST, Jim Pirzyk wrote:
 
 > But the main point is that the functionallity has changed from 3.4R to
 > 4.1R (but I cannot narrow it down more than that).
 > 
 > But thanks for looking into it.
 
 Right.  That I missed. :-)
 
 I wish I had a RELENG_3 box to test this on.
 
 Ciao,
 Sheldon.
 
State-Changed-From-To: open->closed 
State-Changed-By: sheldonh 
State-Changed-When: Thu Aug 31 02:25:40 PDT 2000 
State-Changed-Why:  
We've already established that the behaviour observed in 
4.x is as expected.  The behaviour that the originator 
calims to have seen in 3.x can't be reproduced on a 
3.4-STABLE-20000510 box. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=20847 
>Unformatted:
