>Number:         1764
>Category:       lib
>Synopsis:       __ivaliduser() contains call to abort()
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    lib-bug-people (Library Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Nov 15 21:50:01 1995
>Last-Modified:
>Originator:     John Kohl
>Organization:
NetBSD Kernel Hackers `R` Us
>Release:        NetBSD-current, 1995/11/15
>Environment:
	
System: NetBSD pattern 1.1_ALPHA NetBSD 1.1_ALPHA (PATTERN) #205: Sat Nov 4 16:38:42 EST 1995 jtk@pattern:/u1/NetBSD-current/src/sys/arch/i386/compile/PATTERN i386


>Description:
	If you try to rsh or rlogin to a NetBSD box from a machine with
no address known to the NetBSD box, rshd or rlogind will call abort()
and terminate.
This yields things like:

% /usr/bin/rsh laptop ps ax
rcmd: laptop.arlington.ma.us: Undefined error: 0

>How-To-Repeat:

Set up a machine on a new IP address not in any hosts file or
nameserver.  try to rlogin from it to a NetBSD machine.  The rshd or
rlogind will call abort() and try to dump core (it may not succeed, though).

>Fix:

Remove the call to abort() from __ivaliduser().  There's a return -1
just after it, so it won't cause any harm to keep going and fail to
grant automatic access.
>Audit-Trail:
>Unformatted: