> The r utilities are open to security holes because of the trust factor
> involved. Telnet is a little bit better, but you should use tcpwrappers
> with it.
The counter argument to this is that they are not as big a security hole
as telnet because telnet forces the user to type in a password, which is
then sent over the network in clear text. In order for rlogin (or and
of the other r utilities) to be a security hole one would have to :
1. know that a particular user allows a user (typically themselves) on
another machine into their account.
2. either break into that account, or spoof the IP address of that
machine and pretend to be that user.
- if someone breaks into your account you are probably in trouble anyway
- spoofing IP addresses over the Internet while entirely possible, is
not all that frequent (or am I hopelessly deluded?)
Just being "devil's advocate."