From owner-freebsd-security@FreeBSD.ORG Mon Jul 10 18:09:57 2006 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0819016A4DE; Mon, 10 Jul 2006 18:09:57 +0000 (UTC) (envelope-from mi+mx@aldan.algebra.com) Received: from aldan.algebra.com (aldan.algebra.com [216.254.65.224]) by mx1.FreeBSD.org (Postfix) with ESMTP id 19E1943D45; Mon, 10 Jul 2006 18:09:56 +0000 (GMT) (envelope-from mi+mx@aldan.algebra.com) Received: from corbulon.video-collage.com (static-151-204-231-237.bos.east.verizon.net [151.204.231.237]) by aldan.algebra.com (8.13.6/8.13.6) with ESMTP id k6AI9pRM082047 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Mon, 10 Jul 2006 14:09:52 -0400 (EDT) (envelope-from mi+mx@aldan.algebra.com) Received: from [172.21.130.86] (mx-broadway [38.98.68.18]) by corbulon.video-collage.com (8.13.6/8.13.6) with ESMTP id k6AI9jtF079185 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 10 Jul 2006 14:09:46 -0400 (EDT) (envelope-from mi+mx@aldan.algebra.com) From: Mikhail Teterin Organization: Virtual Estates, Inc. To: Brian Candler Date: Mon, 10 Jul 2006 14:09:39 -0400 User-Agent: KMail/1.9.1 References: <200607072030.01999.mi+mx@aldan.algebra.com> <200607101147.34530@aldan> <20060710175059.GA2325@uk.tiscali.com> In-Reply-To: <20060710175059.GA2325@uk.tiscali.com> MIME-Version: 1.0 Content-Disposition: inline Message-Id: <200607101409.40651.mi+mx@aldan.algebra.com> Content-Type: text/plain; charset="koi8-u" Content-Transfer-Encoding: 8bit X-Virus-Scanned: ClamAV 0.88/1590/Mon Jul 10 01:34:09 2006 on corbulon.video-collage.com X-Virus-Status: Clean X-Scanned-By: MIMEDefang 2.43 X-Mailman-Approved-At: Tue, 11 Jul 2006 03:04:55 +0000 Cc: "Simon L. Nielsen" , freebsd-security@freebsd.org, Mikhail Teterin , net@freebsd.org, imp@freebsd.org, Iang Subject: Re: strange limitation on rcmd() X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 Jul 2006 18:09:57 -0000 понед╕лок 10 липень 2006 13:50, Brian Candler написав: > Well, it's probably worth send-pr'ing it. The rcmdsh() is taken from OpenBSD, I think, and has no room for the stderr. One would need to reimplement something like rcmdsh2() first :-) > I'd first test whether rsh itself forwards stderr properly. Maybe there's > some underlying reason why rcmdsh doesn't have an fd2p argument. The rsh utility copies its standard input to the remote command, the standard output of the remote command to its standard output, and the standard error of the remote command to its standard error. ssh seems compliant too. The signal-handling is different, though: Interrupt, quit and terminate signals are propagated to the remote command; Whereas with rcmd one just writes the signal number (any signal number) into the fd2 descriptor... I think, rcmd() should just try to connect and leave it to the remote to reject it based on the too-low port number or anything. Another approach would be to use a separate suid utility (Linux has rcmd(1), for example), with semantics more closely matching those of rcmd(3). The reason I like rcmd() is that it lets me send data to a remote machine a) _directly_ from my program; and b) without also implementing the server side. I could achieve both of these with a non-root process by disabling the "isroot" checks inside the rcmd and by configuring the server to accept rcmd from any port. Other approaches require the root's setuid bit on the program, or abandoning the _directness_ of the a) by copying many gigabytes through the client's memory buffers a couple of extra times. -mi