|
Bugtraq
mailing list archives
Re: xterm
From: pc () pyramid com (pc () pyramid com)
Date: Thu, 18 Nov 1993 17:21:44 -0800 (PST)
The reason I ask.
Scenario: I remotely start an xterm to your server, after first setting my uid
to your uid (i can do this on *my* end since i have root).
I set the xterm logfile to be ~home/.rhost. Thus adding a line or more to your
.rhost file. xterm in most cases uses unix_auth.
I can then login. One step closer to root ;^).
Please tell me I'm wrong.
You are wrong. Unless I already have a .rhosts entry or your host is in
my hosts.equiv file, you would not be able to start up a remote xterm.
And if you were able to start a remote xterm, you would be able to simply
rlogin, so using the logging feature of xterm wouldn't get you anything
you didn't already have.
pc
--
-m--------- Patrick Connor Pyramid Technology
---mmm------- (408) 428-8819 3860 North 1st St.
-----mmmmm----- pc () pyramid com -or- San Jose, CA
-------mmmmmmm--- uunet!pyramid!pc 95134
 By Date 
By Thread
Current thread:
- xterm Brad Powell - Sun CIS (Nov 18)
- Re: xterm pc () pyramid com (Nov 18)
| 
Intro
