Subject: Re: Problems with root and .rhosts
To: Brian Moore <firstname.lastname@example.org>
From: Chris G. Demetriou <email@example.com>
Date: 10/27/1994 02:15:08
>Any qualms about adding that 'unsecure' option to the code, or is NetBSD
>trying to stay as BSD 4.4'ish as possible?
Yes, but they have nothing to do with wanting to be like 4.4. 8-)
I think that the slow growth of the number of options a program takes
is a _bad_ thing. (do you know how many options cat(1) has these
days? know how many it had in V7? etc.) I think that if there's
reason enough to add the flag, in this case, that behaviour should be
made the default.
I'm going to try to find out tomorrow _exactly_ why it was done this
way, and then figure out what should be done about it. it makes me
wonder: normally pty's are insecure, and would disallow root logins.
should they be allowed for rlogins? how do you disallow them? (i'm
not sure that it would happen automatically w/ no changes to the code
that's already there...)
On a slightly different subject, I think that the logging behaviour
should be made consistent with rshd: namely, add a flag that causes
notice of all rlogins to be given, and implement a policy consistent
to rshd's about logging root rlogins, if they're allowed.