Date: Sun, 1 Jul 2018 17:10:02 +0930 From: "O'Connor, Daniel" <darius@dons.net.au> To: Eitan Adler <lists@eitanadler.com> Cc: Konstantin Belousov <kostikbel@gmail.com>, "freebsd-arch@freebsd.org" <arch@freebsd.org> Subject: Re: What to do about rcmdsh(3) ? Message-ID: <6445FBC9-98CF-4AD7-AAB6-5091E1445A52@dons.net.au> In-Reply-To: <CAF6rxgmJZyivZtQDKnUa12DJ5PqWVp40wOQg5Wt8zJWeuUUJYg@mail.gmail.com> References: <CAF6rxg=LbpQ1NfLQN%2B6hH61HusTdZ8hiuFfxXKb5sU_8oidROw@mail.gmail.com> <20180624121412.GY2430@kib.kiev.ua> <CAF6rxgkyLFwrLFUH3sRTPDMMcUHJEWo6tG6BKdW8h0X2E9xzgg@mail.gmail.com> <27EE2F1E-245C-4D97-97DE-65E9DA133AF1@dons.net.au> <CAF6rxgmJZyivZtQDKnUa12DJ5PqWVp40wOQg5Wt8zJWeuUUJYg@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> On 1 Jul 2018, at 13:12, Eitan Adler <lists@eitanadler.com> wrote: >> You could just leave the call, I assume it will fail with an error if = rsh isn't in the path. >=20 > It will fail unconditionally since the call looks explicitly for > /bin/rsh. Is it wrong to change the implementation to use PATH?I have > not looked closely, but are there security implications to trusting > the environment? Hmm I see.. I think it could still be OK if the hypothetical rsh port had an option = to add a symlink to /bin. -- Daniel O'Connor "The nice thing about standards is that there are so many of them to choose from." -- Andrew Tanenbaum
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6445FBC9-98CF-4AD7-AAB6-5091E1445A52>