OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Bugtraq archives for 2nd quarter (Apr-Jun) 1994: Re: Fix for Linux/AIX login hole

Re: Fix for Linux/AIX login hole

Perry E. Metzger (perryimsi.com)
Tue, 24 May 1994 07:27:21 -0400

H Morrow Long says:
> Of course this is no substitute for the IBM emergency patch which should
> be installed as well.  I do recommend removing the ability to rlogin to
> a root account.  There is no valid reason for root to be able to rlogin
> (well there might be a few but they are not as powerful as the arguments
> against).  /bin/su is the preferred method of becoming root and you can
> still telnet in and login on the console as root (I would encourage you
> to turn off the ability to telnet in and login as root as well, but...).

And what happens one morning when NIS stops working, or NFS starts
hanging, and you cannot log in as any user BUT root? Yes, this
happens.

Of course, the real answer is to kerberize all access to your machine, but...

Perry