>Number:         2327
>Category:       misc
>Synopsis:       default hosts.equiv file misconfigured
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    misc-bug-people (Misc Bug People)
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Sun Apr 14 05:35:05 1996
>Last-Modified:
>Originator:     Matthias Scheler
>Organization:
Matthias Scheler
tron@colwyn.owl.de
>Release:        960407
>Environment:
	
System: NetBSD colwyn 1.1B NetBSD 1.1B (COLWYN) #3: Wed Apr 10 11:00:46 MET DST 1996 tron@colwyn:/usr/src/sys/arch/i386/compile/COLWYN i386


>Description:
Yesterday I installed NetBSD 1.1 on an i386 system. This system worked fine
but "rlogin" and "rsh" calls to it took ages. After a while I found the reason:
"hosts.equiv" contained this line:
my_very_good_friend.domain

The NetBSD-1.1 system tried to resolve this name via DNS but because I had no
internet connection it didn't get an answer from the nameserver and waited
until the request timed out.

Because of this effect and the security risks caused by using "hosts.equiv"
I would suggest that the default "hosts.equiv" containts a singe line
with a "-" in it.

>How-To-Repeat:
Try to "rlogin" into a NetBSD system with such a misconfigured "hosts.equiv"
while the nameserver is unreachable.

>Fix:
*** src/etc/hosts.equiv.old	Mon Dec 11 21:08:00 1995
--- src/etc/hosts.equiv	Sun Apr 14 10:57:31 1996
***************
*** 1 ****
! my_very_good_friend.domain
--- 1 ----
! -

>Audit-Trail:
>Unformatted: