From 20f40c745e984ee525dc5873bfb792d24da50259 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller"
Date: Sun, 15 Jun 1997 05:10:40 +0000
Subject: rshd should give the same error message when the user doesn't exist as for when there is no .rhosts/hosts.equiv. With a different error message an information gathering attack can be done. Noted by David Holland .
---
 libexec/rshd/rshd.8 | 7 +++----
 libexec/rshd/rshd.c | 4 ++--
 2 files changed, 5 insertions(+), 6 deletions(-)
diff --git a/libexec/rshd/rshd.8 b/libexec/rshd/rshd.8
index 8af0725bd02..83a0252075f 100644
--- a/libexec/rshd/rshd.8
+++ b/libexec/rshd/rshd.8
@@ -30,7 +30,7 @@
 .\" SUCH DAMAGE.
 .\"
 .\" from: @(#)rshd.8 8.1 (Berkeley) 6/4/93
-.\" $Id: rshd.8,v 1.2 1996/07/13 11:23:17 deraadt Exp $
+.\" $Id: rshd.8,v 1.3 1997/06/15 05:10:39 millert Exp $
 .\"
 .Dd June 4, 1993
 .Dt RSHD 8
@@ -188,14 +188,13 @@ longer than 16 characters.
 .It Sy Command too long .
 The command line passed exceeds the size of the argument list (as configured into the system).
-.It Sy Login incorrect.
-No password file entry for the user name existed.
 .It Sy Remote directory.
 The
 .Xr chdir
 command to the home directory failed.
 .It Sy Permission denied.
-The authentication procedure described above failed.
+The authentication procedure described above failed or
+there is no password file entry for the specified user.
 .It Sy Can't make pipe.
 The pipe needed for the
 .Em stderr ,
diff --git a/libexec/rshd/rshd.c b/libexec/rshd/rshd.c
index a825e70a61e..694f2bb4550 100644
--- a/libexec/rshd/rshd.c
+++ b/libexec/rshd/rshd.c
@@ -39,7 +39,7 @@ static char copyright[] =
 #ifndef lint
 /* from: static char sccsid[] = "@(#)rshd.c 8.2 (Berkeley) 4/6/94"; */
-static char *rcsid = "$Id: rshd.c,v 1.16 1997/02/13 22:32:46 deraadt Exp $";
+static char *rcsid = "$Id: rshd.c,v 1.17 1997/06/15 05:10:39 millert Exp $";
 #endif /* not lint */
 /*
@@ -426,7 +426,7 @@ doit(fromp)
 "%s@%s as %s: unknown login. cmd='%.80s'", remuser, hostname, locuser, cmdbuf);
 if (errorstr == NULL)
- errorstr = "Login incorrect.\n";
+ errorstr = "Permission denied.\n";
 goto fail;
 }
-- 
cgit v1.2.3
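Review bot: The new `errorstr = "Permission denied.\n";` line in the unknown-login branch depends on an invariant that nothing in the code records: its text must stay identical to the message sent when the .rhosts/hosts.equiv check fails, or the account-existence leak described in the commit message returns. I would add a comment above the assignment, for example `/* Keep identical to the .rhosts/hosts.equiv failure text so a remote caller cannot tell whether locuser exists. */`. If the other failure site uses its own literal (not visible in this hunk), both should share one constant so they cannot drift apart. The string is also only set when `errorstr == NULL`, and the rshd.8 context still documents a separate "Remote directory." diagnostic, so it is worth confirming that neither an earlier errorstr value nor that message differs by whether the account exists. doit() begins and ends outside this hunk.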