SUMMARY: REXEC on solaris

From: WUTAO (wutao@earthlink.net)
Date: Thu May 11 2000 - 21:26:39 CDT


Thanks to all who responded and offered their advice. Special Thanx to:
Martin Scerri
MONO@etoy
Michael Salehi
Tim Evans
Danny Johnson
Jeff Kennedy
Dan@dtn

The overall consensus was that not having a firewall is a bad thing, and that
running ANY “R” command without a firewall is asking for trouble. (I
passed some of your responses up to MGT, and was informed that a firewall
selection has been made. What it is I do not know.)

Here are some brief responses:

Tims;
Don't run it; it is highly insecure. In fact, with no firewall, you should
also not run a lot of other services, including nfs, rsh/rlogin. Read the
comments in /etc/inetd.conf. You might also want to pick up a copy of Peter
Gregory's book, _Solaris Security_ for a lot of tips and howto's.

Jeffs;
The r commands (rsh, rlogin, rexec) allow users to run shells, logins,
and execute commands on a remote system. If hosts.equiv or .rhosts
files are in place they can do it without a password. We use these
services but are working towards removing them completely. We have a
firewall and still don't want these services hanging around.

Michael;
Rexec is on most Unix boxes and it offers a bit more security than
rshd. There are versions that require Kerberos authentication, but the one
Sun offers requires /etc/passwd and NIS/NIS+ authentication. It gives the
capability to run remote programs but it has not been the major source of
break-ins.

MONO;
you should disable *all* r-services anyway ..... there are dozens of
root-compromise exploits.... and rexec is the worst of all...... don't
even think of such a thing, if you are even minimally concerned about
security of your systems/network... really.

Martin Scerri; (Thanx for the other advice)

http://pinatubo.cs.uiuc.edu/~beckman/NCSA/services/rexecd.html
(NCSA Guide to Security: rexec)

http://www.cert.org/tech_tips/root_compromise.html
if you allow the "r-commands" (rlogin, rsh, rexec), ensure that there is
nothing that does not belong in /etc/hosts.equiv or in any .rhosts files.

Resources that have been suggested:
http://www.insecure.org
http://rootshell.org
http://securify.packetstorm.com

Again Thank You for your help to a Newbie
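
An added example, not part of the original post or any responder's text: a shell check for the two things the replies point at, r-service lines still enabled in an inetd.conf-format file and wildcard "+" entries in a hosts.equiv or .rhosts file. The function names, the temporary directory and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example; sample files below are constructed, not taken from a real host.

# List r-services still enabled (not commented out) in an inetd.conf-format
# file. In inetd.conf, rsh is "shell", rlogin is "login", rexec is "exec".
# A commented line has "#shell" or "#" as its first field, so it never matches.
enabled_r_services() {
    awk '$1 == "shell" || $1 == "login" || $1 == "exec" { print $1 }' "$1"
}

# List wildcard trust lines ("+" as the host or user field) in a hosts.equiv
# or .rhosts file. These grant password-less access to any host or any user.
wildcard_trust_entries() {
    awk '$1 == "+" || $2 == "+" { print NR ": " $0 }' "$1"
}

# Constructed sample input so the example runs offline.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT

cat > "$SAMPLE_DIR/inetd.conf" <<'EOF'
# constructed sample in inetd.conf format
ftp     stream  tcp  nowait  root  /usr/sbin/in.ftpd     in.ftpd
#shell  stream  tcp  nowait  root  /usr/sbin/in.rshd     in.rshd
login   stream  tcp  nowait  root  /usr/sbin/in.rlogind  in.rlogind
exec    stream  tcp  nowait  root  /usr/sbin/in.rexecd   in.rexecd
EOF

cat > "$SAMPLE_DIR/hosts.equiv" <<'EOF'
trusted.example.com
+ +
backup.example.com operator
EOF

echo "Enabled r-services:"
enabled_r_services "$SAMPLE_DIR/inetd.conf"
echo "Wildcard trust entries:"
wildcard_trust_entries "$SAMPLE_DIR/hosts.equiv"
```

On a real system, point the first function at /etc/inetd.conf and the second at /etc/hosts.equiv and each user's .rhosts.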


