Warner Losh wrote: > In message <19981109062947.24560.qmailat_private> "D. J. Bernstein" writes: > : Here's the combined procedure used by tcpd -DPARANOID and rshd/rlogind > : to check for trusted hosts: > : > : (1) Use DNS PTR records to find a name for the remote IP address. > : > : (2) Use DNS A records to find the IP addresses for that name. > : > : (3) Drop the connection if the remote IP address is not one of the > : IP addresses for that name. > : > : (4) Use DNS PTR records to find a name for the remote IP address, > : and check that the name is in a list of trusted host names. > : > : The A records for all trusted hosts can be controlled locally. With > : secure IP and secure DNS, there's no way for a trusted host name in #1 > : to survive the check in #3 unless the remote IP address is listed as an > : A record for that name. > > For local domains (and all domains when rshd is run -a), there is a > step 5 which is basically the same as step 2 as a cross check. This > check appears to only be in rshd, but not rlogind. The test in rshd appears redundant.. The real test is in libc in ruserok() and iruserok(). rshd and rlogind are safe (as far as I can tell) on all systems that are 4.3BSD-net2 (and later) derivatives. They don't need -DPARANOID at all. I've seen the net2 and Lite code integrated with some commercial systems (notably SCO), and I believe the likes of AIX have it too. The main ones I do not know about are Solaris and all the different Linux distributions. > Far be it from me to defent IP based authentication. I don't run > services that use IP based authentication on machines that I care > about... Amen to that! > Warner Cheers, -Peter
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:22:31 PDT