LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 11-25-2002, 09:53 AM   #1
WeNdeL
Member
 
Registered: Oct 2002
Location: At my desk...
Distribution: RedHat, Fedora, Ubuntu
Posts: 344

Rep: Reputation: 30
r command exploit


Can someone explain exactly what threat is posed by using r commands across a network by the root user?

I have read and been told that using r commands across a network is dangerous. I understand that it gives users access to specific commands on specific hosts without being prompted for a password. I understand that if a hacker gets root access on one of my machines(within the confines of my network), he/she can then trash about everything I have via these commands.

What I don't understand is that here at work, we use r commands. I have poured over a lot of our backup scripts that have root creating compressed backups and then a user named "backup" pushing these files(via rcp) to a server designated to store backups.

Why would one do this? Why am I to be worried about having root execute an r command as opposed to a regular user?

Thanks in advance...
 
Old 11-25-2002, 02:17 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
Why would one do this?
Because they need root privileges to backup all files, but not for stashing the backups remotely?

Why am I to be worried about having root execute an r command as opposed to a regular user?
For rcommands in general, because of the (lack of) authentication. It's trust model is based on usernames and FQDN's only, unless Kerberos auth is used or tunnelled tru Ssh (using substitutes like scp or slogin). Like telnet it's traffic is sniffable w/o the need for descrambling.
Then there's the unlimited power.
 
Old 11-25-2002, 03:52 PM   #3
WeNdeL
Member
 
Registered: Oct 2002
Location: At my desk...
Distribution: RedHat, Fedora, Ubuntu
Posts: 344

Original Poster
Rep: Reputation: 30
Quote:
Originally posted by unSpawn

Because they need root privileges to backup all files, but not for stashing the backups remotely?
yup... this is the case...

thanks for the explanation!
 
Old 11-26-2002, 12:45 PM   #4
stickman
Senior Member
 
Registered: Sep 2002
Location: Nashville, TN
Posts: 1,552

Rep: Reputation: 53
I dislike the r-commands because they are clear text protocols and the authentication mechanism is very weak. In your case, you are basically providing unauthenticated access for a user named "backup". Given this information, it would be relatively easy for someone on your network to gain access to your backup system.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Pentesting with an exploit RIB-EYE Linux - Security 1 10-27-2005 05:24 PM
What exploit is this? Boss Hoss Linux - Security 6 06-11-2004 07:16 PM
EXPLOIT programmin darkseed2g3 Linux - Security 7 10-19-2003 10:31 AM
|more exploit Benamoz Linux - General 3 09-03-2003 05:59 AM
Serv-u v4.0 exploit??? pk21 Linux - Security 2 07-24-2002 05:01 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 12:29 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration