Date: Sat, 30 Jun 2018 20:42:24 -0700 From: Eitan Adler <lists@eitanadler.com> To: "O'Connor, Daniel" <darius@dons.net.au> Cc: Konstantin Belousov <kostikbel@gmail.com>, "freebsd-arch@freebsd.org" <arch@freebsd.org> Subject: Re: What to do about rcmdsh(3) ? Message-ID: <CAF6rxgmJZyivZtQDKnUa12DJ5PqWVp40wOQg5Wt8zJWeuUUJYg@mail.gmail.com> In-Reply-To: <27EE2F1E-245C-4D97-97DE-65E9DA133AF1@dons.net.au> References: <CAF6rxg=LbpQ1NfLQN%2B6hH61HusTdZ8hiuFfxXKb5sU_8oidROw@mail.gmail.com> <20180624121412.GY2430@kib.kiev.ua> <CAF6rxgkyLFwrLFUH3sRTPDMMcUHJEWo6tG6BKdW8h0X2E9xzgg@mail.gmail.com> <27EE2F1E-245C-4D97-97DE-65E9DA133AF1@dons.net.au>
next in thread | previous in thread | raw e-mail | index | archive | help
On 26 June 2018 at 23:45, O'Connor, Daniel <darius@dons.net.au> wrote: > > >> On 27 Jun 2018, at 13:01, Eitan Adler <lists@eitanadler.com> wrote: >> >> On 24 June 2018 at 05:14, Konstantin Belousov <kostikbel@gmail.com> wrote: >>> On Sun, Jun 24, 2018 at 03:32:13AM -0700, Eitan Adler wrote: >>>> Now that the rcmds are removed from base, it opens a question about >>>> what to do with rcmdsh(3). >>>> This is documented as >>>> rcmdsh ??? return a stream to a remote command without superuser >>>> And is implemented as a rather simple wrapper of getaddrinfo and exec. >>>> >>>> This isn't something I'd imagine we'd add to libc now-a-days and is >>>> currently broken by default (due to defaulting to _PATH_RSH) >>>> >>>> I'm not sure there is much value in keeping this function around. I >>>> did a rather naive search for uses of this function in ports and >>>> couldn't find any. I'm preparing a more comprehensive patch for an >>>> exp-run. >>> There is a huge value in keeping ABI compatibility. The symbol must be kept. >>> You may remove default version for the symbol if you are so inclined. >> >> I'm new at this. How does one do that? > > You could just leave the call, I assume it will fail with an error if rsh isn't in the path. It will fail unconditionally since the call looks explicitly for /bin/rsh. Is it wrong to change the implementation to use PATH?I have not looked closely, but are there security implications to trusting the environment? -- Eitan Adler
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAF6rxgmJZyivZtQDKnUa12DJ5PqWVp40wOQg5Wt8zJWeuUUJYg>