"hosts allow" secure?
dwd at bell-labs.com
Thu Jan 3 09:44:45 EST 2002
On Sun, Dec 30, 2001 at 05:32:28AM -0500, Philip Mak wrote:
> How secure is "hosts allow"?
> I have "hosts allow = bkup" in my rsyncd.conf. Then in /etc/hosts I have:
> 220.127.116.11 bkup
> This makes only 18.104.22.168 able to connect to rsync.
> Could someone spoof their hostname somehow to trick rsync into letting
> them in, though? e.g. If they reverse DNS says that they're called "bkup".
In general somebody could spoof the DNS, although not if you have it in
/etc/hosts like that (assuming /etc/nsswitch.conf is set to give priority
to files over dns). If the bkup machine is on the same subnet in a secured
machine room, it's also pretty unlikely that somebody would be able to hijack
a live session. However, if you're going over a long distance network it's
vulnerable. There's no host verification or session integrity. If you can,
This is really no different than tcp wrappers.
- Dave Dykstra
More information about the rsync