On Mon, Sep 22, 1997 at 11:32:12PM -0400, David Holland wrote:
> It seems that when you send rwhod an rwho packet, it blindly assumes
> you are who the packet says you are. That is to say, it looks as if
> any host can inject false rwho data for any other host.
I looked into rwhod recently because I was worried about hostnames
like ../../../etc/passwd. Fortunately, Linux rwhod checks for these.
Concerning hostname spoofing: rwhod checks that the sender's UDP port
is 513. So you have to be root in order to spoof it, which is not much
different from doing it at the IP level.
> I'm not convinced this is worth fixing.
It isn't.
Olaf
--
Olaf Kirch | --- o --- Nous sommes du soleil we love when we play
okir@monad.swb.de | / | \ sol.dhoop.naytheet.ah kin.ir.samse.qurax
okir@lst.de +-------------------- Why Not?! -----------------------
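
The two checks discussed in the message above (source port 513 and rejecting hostnames such as ../../../etc/passwd), written out as an added illustration; this is not code from the post or from rwhod itself. The function names, the 32-byte hostname field and the allowed character set are assumptions made for the example.

```c
#include <ctype.h>
#include <netinet/in.h>
#include <stddef.h>
#include <string.h>

#define RWHO_PORT 513       /* UDP port named in the message above */
#define HOSTNAME_FIELD 32   /* assumed size of the fixed hostname field */

/* Return 1 if the hostname field is safe to use as one file-name
 * component, 0 otherwise. The field comes straight off the wire, so it
 * may be unterminated or contain path separators. */
int hostname_is_safe(const char *name, size_t field_len)
{
    size_t len = 0;
    while (len < field_len && name[len] != '\0')
        len++;
    if (len == 0 || len == field_len)   /* empty, or no NUL in the field */
        return 0;
    if (name[0] == '.')                 /* rejects ".", ".." and dot-files */
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (c > 127 || !(isalnum(c) || c == '-' || c == '.' || c == '_'))
            return 0;                   /* rejects '/', control bytes, etc. */
    }
    return 1;
}

/* Return 1 if a received datagram passes both checks. The port check only
 * shows that the sender could bind a privileged port on its own host; it
 * does not prove which host sent the packet. */
int accept_rwho_packet(const struct sockaddr_in *from, const char *hostname_field)
{
    if (ntohs(from->sin_port) != RWHO_PORT)
        return 0;
    return hostname_is_safe(hostname_field, HOSTNAME_FIELD);
}
```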