From: Andrew DeFaria <Andrew@DeFaria.com>
Newsgroups: gmane.os.cygwin
Subject: Re: login: no shell: /bin/bash: Permission denied
Date: Wed, 06 Mar 2002 15:03:02 -0800
Organization: Salira Optical Networks

Peter Buckley wrote:

> 
>> Regardless, to me it still would be a large security hole if all one 
>> needs to do is:
>>
>> $ echo "+" > ~/.rhosts
>>
>> to be able to abuse rsh to do something under somebody else's user ID 
>> is it not?
> 
> rsh is inherently insecure. Attempts to make it secure are not 
> worthwhile (in fact, they tend to break rsh). Especially in the land of 
> NT insecurity, trying to make rsh secure simply makes it unusable.

What are you talking about?!? It's simple, if rsh is called with the -l 
parameter (assuming it's not -l <current user>) then prompt for a 
password. If that's not doable then fail with an error message of some 
sort. But lord's sakes laddy! Don't just let them walk in! :-)




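An audit check for the `.rhosts` wildcard discussed in this thread, as an added example that is not part of the original messages and not Cygwin's code. It assumes the common `host [user]` line format, in which `+` in either field matches anything; the sample hosts, users and function names are constructed.

```python
import os
import stat

# Constructed sample .rhosts content; hosts and users are made up.
SAMPLE = """\
# trusted build hosts
build1.example.com andrew
+
+ +
gateway.example.com +
+@admins
"""

def audit_rhosts(text):
    """Return (line_number, entry, reason) for each over-broad trust entry."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        host = fields[0]
        user = fields[1] if len(fields) > 1 else ""
        if host == "+" and user == "+":
            reason = "any user on any host is trusted"
        elif host == "+":
            reason = "any host is trusted for the same-named user"
        elif user == "+":
            reason = "any user on this host is trusted"
        elif host.startswith("+@") or user.startswith("+@"):
            reason = "netgroup entry: trust depends on group membership"
        else:
            continue  # explicit host (and user): not flagged
        findings.append((lineno, line, reason))
    return findings

def audit_file(path):
    """Audit one .rhosts file: loose permissions first, then its entries."""
    findings = []
    if os.stat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append((0, path, "file is writable by group or others"))
    with open(path, encoding="ascii", errors="replace") as fh:
        findings.extend(audit_rhosts(fh.read()))
    return findings

if __name__ == "__main__":
    for lineno, entry, reason in audit_rhosts(SAMPLE):
        print(f"line {lineno}: {entry!r}: {reason}")
```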

