From owner-cvs-libexec  Fri Nov 22 00:59:18 1996
Return-Path: owner-cvs-libexec
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id AAA07010
          for cvs-libexec-outgoing; Fri, 22 Nov 1996 00:59:18 -0800 (PST)
Received: (from pst@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id AAA06993;
          Fri, 22 Nov 1996 00:59:08 -0800 (PST)
Date: Fri, 22 Nov 1996 00:59:08 -0800 (PST)
From: Paul Traina <pst>
Message-Id: <199611220859.AAA06993@freefall.freebsd.org>
To: CVS-committers, cvs-all, cvs-libexec
Subject: cvs commit:  src/libexec/rexecd rexecd.8 rexecd.c
Sender: owner-cvs-libexec@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

pst         96/11/22 00:59:08

  Modified:    libexec/rexecd  rexecd.8 rexecd.c
  Log:
  Back out recent security patch for rexecd.  After more careful analysis,
  it is both uneeded and breaks certain lock-step timing in the rexec
  protocol.
  
  Yes, an attacker can "relay" connections using this trick,  but a properly
  configured firewall that would make this sort of subterfuge necessary in the
  first place (instead of direct packet spoofing) would also thwart useful
  attacks based on this.
  
  Revision  Changes    Path
  1.5       +2 -5      src/libexec/rexecd/rexecd.8
  1.10      +13 -23    src/libexec/rexecd/rexecd.c