This is the mail archive of the
mailing list for the Cygwin project.
Re: login: no shell: /bin/bash: Permission denied
Peter Buckley wrote:
>> Regardless, to me it's still would be a large security hole if all one
>> needs to do is:
>> $ echo "+" > ~/.rhosts
>> to be able to abuse rsh to do something under somebody else's user ID
>> is it not?
> rsh is inherently insecure. Attempts to make it secure are not
> worthwhile (in fact, they tend to break rsh). Especially in the land of
> NT insecurity, trying to make rsh secure simply makes it unusable.
What are you talking about?!? It's simple, if rsh is called with the -l
parameter (assuming the it's not -l <current user>) then prompt for a
password. If that's not doable then fail with an error message of some
sort. But lord's sakes laddy! Don't just let them walk in! :-)
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html