
Re: Security problem - inetd.conf has rsh/rlogin/rexec "ON" as a default



On Thu, 11 Jun 1998, Amos Shapira wrote:

> The rsh/rlogin/ident/rexec services are active by default in the
> inetd.conf file.  Even though I keep removing them (I delete their
> lines altogether since that way it's much easier to notice a change)
> they seem to keep popping up after updating any software related to
> this file.

If you comment them out with a single "#", they won't be re-enabled by
updated packages.

> I'd like to suggest that these services will be "off" by default and
> the user should be given a chance to stop the system before it
> reactivates them.

Many people do administration remotely.  They would probably be very
disappointed to have their login services yanked out from under them.
They're easy enough to disable and only truly a security hole if you have
.rhosts or hosts.equivs files lying around.  Even then, tcpwrappers makes
them significantly harder to spoof than on a traditional UNIX environment.

> I'm not on the list (finals period) so please CC to me any response to
> this message.

CC sent.

-- 
Scott K. Ellis <storm@gate.net>                 http://www.gate.net/~storm/
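
The following is an added example, not part of the original message or of any Debian tool: a small audit of the two conditions discussed in the thread, namely which r-service lines in inetd.conf are active versus commented out (and whether they run through tcpd), and whether any .rhosts or hosts.equiv trust files exist. The function names, the sample config and the directory arguments are assumptions made for illustration.

```python
import os

# inetd.conf service names for the daemons named in the thread
R_SERVICES = {"shell": "rsh", "login": "rlogin", "exec": "rexec",
              "ident": "ident", "auth": "ident"}

# Constructed sample config, not taken from a real host
SAMPLE = """\
# constructed sample for the audit below
shell  stream tcp nowait root   /usr/sbin/tcpd /usr/sbin/in.rshd
#login stream tcp nowait root   /usr/sbin/tcpd /usr/sbin/in.rlogind
exec   stream tcp nowait root   /usr/sbin/in.rexecd in.rexecd
ident  stream tcp wait   identd /usr/sbin/identd identd
ftp    stream tcp nowait root   /usr/sbin/tcpd /usr/sbin/in.ftpd
"""

def audit_inetd(conf_text):
    """Return (active, disabled) r-service entries found in inetd.conf text."""
    active, disabled = [], []
    for raw in conf_text.splitlines():
        line = raw.strip()
        commented = line.startswith("#")
        fields = line.lstrip("#").split()
        # Entry layout: service socket proto wait user server [args...]
        if len(fields) < 6 or fields[0] not in R_SERVICES:
            continue
        if fields[1] not in ("stream", "dgram"):
            continue  # a prose comment that merely starts with a service name
        entry = {"service": R_SERVICES[fields[0]],
                 # wrapped: inetd starts tcpd, which then starts the daemon
                 "wrapped": os.path.basename(fields[5]) == "tcpd"}
        (disabled if commented else active).append(entry)
    return active, disabled

def find_trust_files(etc_dir, home_root):
    """List hosts.equiv in etc_dir and every .rhosts below home_root."""
    found = []
    equiv = os.path.join(etc_dir, "hosts.equiv")
    if os.path.isfile(equiv):
        found.append(equiv)
    for dirpath, _dirs, filenames in os.walk(home_root):
        if ".rhosts" in filenames:
            found.append(os.path.join(dirpath, ".rhosts"))
    return sorted(found)

if __name__ == "__main__":
    active, disabled = audit_inetd(SAMPLE)
    for e in active:
        print("ACTIVE  ", e["service"], "via tcpd" if e["wrapped"] else "NOT wrapped")
    for e in disabled:
        print("disabled", e["service"])
    print("trust files:", find_trust_files("/etc", "/home") or "none")
```

On a real host, pass the contents of /etc/inetd.conf to `audit_inetd` instead of the constructed sample.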

