Very Computer

by **Y. v.d. Ber** » Thu, 02 Oct 1997 04:00:00

Hello all,

I'm using a rsh in a construction of which I'm not sure wheather it
involves some security risks or not. The 'construction':
A cgi script on a Linux (web)server starts a sql script on an other
trusted host using rsh. The cgi user is 'nobody'.
The sql-script runs under a different user (on the other host).
In the .rhosts file I authorized nobody for rsh.

I was wondering if it might be easy for somebody to use nobody
to gane access to the database on the other host. The nobody
account is the Linux default, with an * in the encrypted password
field in the passwd file.

As you can see I'm not to familiar with this stuff.

Thanks,
Yves

by **William R. Matti** » Thu, 02 Oct 1997 04:00:00

> Hello all,

> I'm using a rsh in a construction of which I'm not sure wheather it
> involves some security risks or not. The 'construction':
> A cgi script on a Linux (web)server starts a sql script on an other
> trusted host using rsh. The cgi user is 'nobody'.
> The sql-script runs under a different user (on the other host).
> In the .rhosts file I authorized nobody for rsh.

> I was wondering if it might be easy for somebody to use nobody
> to gane access to the database on the other host. The nobody
> account is the Linux default, with an * in the encrypted password
> field in the passwd file.

> As you can see I'm not to familiar with this stuff.

> Thanks,
> Yves

I would think that it would be preferable to use cgi-wrap the execute
the cgi script(s) as a user that then rsh's to the other system. I took
this approach after convincing myself that the other was just too risky.

Regards
Bill

PS: If you need cgi-wrap and can't find it via a search engine let me
know and I will mail it to you.

--
William R. Mattil | Fred Astaire wasn't so great.

(972) 256-3219 | and... in high heels.

Very Computer

Save construction?

Save construction?

Save construction?