From owner-cvs-libexec Sun Feb 9 08:54:35 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id IAA23887 for cvs-libexec-outgoing; Sun, 9 Feb 1997 08:54:35 -0800 (PST)
Received: from rover.village.org (rover.village.org [204.144.255.49]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id IAA23772; Sun, 9 Feb 1997 08:51:29 -0800 (PST)
Received: from rover.village.org [127.0.0.1] by rover.village.org with esmtp (Exim 0.56 #1) id E0vtcTI-0003nE-00; Sun, 9 Feb 1997 09:51:20 -0700
To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch)
Subject: Re: cvs commit: src/libexec/rshd rshd.c
Cc: CVS-committers@freefall.freebsd.org, cvs-all@freefall.freebsd.org, cvs-libexec@freefall.freebsd.org
In-reply-to: Your message of "Sun, 09 Feb 1997 12:56:59 +0100."
References: <199702090416.UAA24278@freefall.freebsd.org>
Date: Sun, 09 Feb 1997 09:51:20 -0700
From: Warner Losh
Message-Id:
Sender: owner-cvs-libexec@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

In message J Wunsch writes:
: Uh-oh. Why don't we simply leave all this dreaded work to rsh(1)
: (or ssh(1)), and simply call it from here?

I'm not sure I understand this suggestion. The rshd daemon needs to check to make sure that it isn't getting source routed packets (in case someone turns the kernel blocking off) so that it refuses to accept connections that have come in this way. We need to do this because source routed packets allow people to appear to come from places they aren't really from, effectively laundering the connection (assuming they have control over at least one machine on the internet).

I don't see how calling rsh will help to accomplish that goal. What am I missing?

Warner
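
The check described in the message above, sketched as an added example; it is not the code from the rshd.c commit under discussion. The function names are hypothetical, and the wrapper assumes the platform's getsockopt(IP_OPTIONS) returns the raw option octets.

```c
#include <stddef.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>

/* IPv4 option type octets (RFC 791). */
enum { OPT_EOL = 0, OPT_NOP = 1, OPT_LSRR = 131, OPT_SSRR = 137 };

/*
 * Walk a raw IPv4 options buffer.
 * Returns 1 if a loose or strict source route option is present,
 * 0 if the options are well formed and carry none,
 * -1 if the buffer is malformed (a caller should refuse that too).
 */
int has_source_route(const unsigned char *opts, size_t len)
{
    size_t i = 0;

    while (i < len) {
        unsigned char type = opts[i];

        if (type == OPT_EOL)
            return 0;               /* end of option list */
        if (type == OPT_NOP) {
            i++;                    /* single-octet padding */
            continue;
        }
        if (type == OPT_LSRR || type == OPT_SSRR)
            return 1;
        /* Every other option is laid out as type, length, data. */
        if (i + 1 >= len || opts[i + 1] < 2 || opts[i + 1] > len - i)
            return -1;
        i += opts[i + 1];
    }
    return 0;
}

/*
 * Hypothetical helper: decide whether to serve the connected socket fd.
 * Assumes getsockopt(IP_OPTIONS) yields raw option octets on this
 * platform. Returns 1 to accept, 0 to refuse.
 */
int peer_is_acceptable(int fd)
{
    unsigned char buf[64];          /* room beyond the 40-octet IPv4 maximum */
    socklen_t n = sizeof(buf);

    if (getsockopt(fd, IPPROTO_IP, IP_OPTIONS, buf, &n) < 0)
        return 0;                   /* cannot inspect the options: fail closed */
    return has_source_route(buf, (size_t)n) == 0;
}
```
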