Date: Tue, 18 Apr 2000 20:55:43 -0500
From: "C. Stephen Gunn" <csg@waterspout.com>
To: freebsd-arch@freebsd.org
Subject: Re: Outdated rdist in FreeBSD Base
Message-ID: <200004190155.UAA05370@dustdevil.waterspout.com>
In-Reply-To: Your message of "Tue, 18 Apr 2000 22:46:32 +0100." <200004182146.WAA00579@hak.lan.Awfulhak.org>

On Tue, 18 Apr 2000 22:46:32 +0100, Brian Somers wrote:

> It's been a while, but AFAIR I needed to install rdist6 because I
> *couldn't* run rdist over ssh !  I know rdist6 works pretty well over ssh.
> I think that big gaping hole is an anti-hole !

I just checked the FreeBSD repo and found this log message:

----------------------------
revision 1.5
date: 1996/08/10 07:54:12;  author: peter;  state: Exp;  lines: +60 -5
Remove the need for rdist(1) to run setuid, thus completely closing any
possibility of a security hole.  It now does what rdist-6 does, and calls
/usr/bin/rsh if not running as root.

There are NO protocol changes, this is 100% compatible with the old rdist,
except that it does not need setuid root privs.

However, there are some minor differences to the base rdist-6 code in that
if it is being run by root, it will call rcmd(3) directly rather than piping
everything through rsh(1).  This is a little more efficient as it doesn't
involve context switching on pipe reads/writes.

Also, the -P option was added from rdist-6.1.2, which allows an alternative
rsh program to be specified, such as ssh.  Note that it requires the fixes
to the ssh port to disable the unconditional USE_PIPES option that was
recently added.  The rcmd(3) optimisation is disabled if a non-rsh program
is specified.
----------------------------

Looks like our rdist(1) was safer/smarter than I thought as well.

 - Steve

--
C. Stephen Gunn                     URL: http://www.waterspout.com/
WaterSpout Communications, Inc.     Email: csg@waterspout.com
427 North 6th Street                Phone: +1 765.742.6628
Lafayette, IN 47901                 Fax: +1 765.742.0646

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message
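
The transport choice described in the quoted log message, sketched in C as an added example; it is not part of the original e-mail and is not rdist's source. The names pick_transport and spawn_helper, the "host -l user command" argument layout and the use of a socketpair are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/wait.h>   /* waitpid() for callers that reap the helper */

#define DEFAULT_RSH "/usr/bin/rsh"   /* path named in the log message */
enum transport { USE_RCMD, USE_HELPER };

/* rcmd(3) binds a reserved port, so only root can call it directly.
 * Non-root users, and any alternative program given with -P (ssh, for
 * example), go through an unprivileged helper process instead. */
enum transport pick_transport(uid_t euid, const char *rsh_prog)
{
    if (euid == 0 && strcmp(rsh_prog, DEFAULT_RSH) == 0)
        return USE_RCMD;
    return USE_HELPER;
}

/* Run "<rsh_prog> host -l user cmd" (assumed layout) with its stdin and
 * stdout on one end of a socketpair. Returns the parent's end, or -1.
 * Nothing here needs setuid: the helper carries the connection. */
int spawn_helper(const char *rsh_prog, const char *host, const char *user,
                 const char *cmd, pid_t *pid)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return -1;
    *pid = fork();
    if (*pid < 0) { close(sv[0]); close(sv[1]); return -1; }
    if (*pid == 0) {                       /* child: becomes the helper */
        close(sv[0]);
        dup2(sv[1], STDIN_FILENO);
        dup2(sv[1], STDOUT_FILENO);
        if (sv[1] > STDOUT_FILENO) close(sv[1]);
        execl(rsh_prog, rsh_prog, host, "-l", user, cmd, (char *)NULL);
        _exit(127);                        /* exec failed */
    }
    close(sv[1]);
    return sv[0];
}

int main(void)
{
    enum transport t = pick_transport(geteuid(), DEFAULT_RSH);
    printf("transport: %s\n", t == USE_RCMD ? "rcmd(3)" : "helper");
    return 0;
}
```
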