Date:      Sat, 20 May 2000 13:00:59 -0600
From:      Ronald G Minnich <rminnich@lanl.gov>
To:        Nick Sayer <nsayer@quack.kfu.com>
Cc:        hackers@FreeBSD.ORG
Subject:   Re: rexec as root
Message-ID:  <Pine.SGI.4.10.10005201259000.275593-100000@acl.lanl.gov>
In-Reply-To: <391C12B5.E5A2DCD3@quack.kfu.com>



On Fri, 12 May 2000, Nick Sayer wrote:

> I would like to gather some opinions in regards to _very slightly_ backing off
> on rexec's security.
> 
> rexec makes the following checks, and refuses to allow usage if any are
> true:
> 
> 	uid == 0

I turned off this check at Sarnoff six years ago. rexec allows you to
quickly run lots of commands across a cluster, given the right tool (see
http:/www.acl.lanl.gov/~rminnich and look at vex). Using rexec I could run
commands across a 128-node cluster in less than a second. Nothing I have
ever seen is nearly as fast. 

A secure low-overhead remote exec is the right thing; rexec with uid == 0
disabled is the next-best thing.

ron


