bash/rlogin can get user id different from NT login.
Corinna Vinschen
cygwin@cygwin.com
Sat Dec 8 04:40:00 GMT 2001
On Fri, Dec 07, 2001 at 05:20:58PM -0500, Fletcher, Bob (GEAE, EB&TS) wrote:
> Hello,
> Consider the following passwd under cygwin: (1.3.)
>
> user1:This_field_is_not_used_by_cygwin_on_nt/2000/xp:1001:513:User
> One:/home/user1:/bin/bash
> user2:This_field_is_not_used_by_cygwin_on_nt/2000/xp:1001:513:User
> Two:/home/user2:/bin/bash
>
> Note that user1 and user2 two have the same UID. (!)
> If I log in to W2000 as user2, and start bash, it thinks that I am user1.
> If user1 was silly enough to
>
> myhosthame user1
> or god forbid
> + user1
>
> in a Unix .rhosts file, I will have access to that account.
That's a problem of rhosts authentication. It's a wide open
security leak. Better use ssh with password or pubkey authentication.
>
> I suppose that the simple answer is "don't do that!". You have to keep
^^^^^^^^^^^^^^
Yep.
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Developer mailto:cygwin@cygwin.com
Red Hat, Inc.
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
More information about the Cygwin
mailing list