Re: I think, rsh is quite obsolete

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Nov 14, 2006 at 05:12:58PM +0800, David Woodhouse wrote:
> On Tue, 2006-11-14 at 00:56 +0000, Dave Mitchell wrote:
> > > Of course it does. It can't work with dynamic NATs as it uses IP
> > > (and reserved TCP port) for access check but rsh is just a simple
> > > TCP connection to a well-known port.
> > 
> > The rsh protocol requires the server to make a second TCP connection back
> > to a low-numbered ephemeral port specified by the client, for the stderr
> > channel. If you haven't got a stateful, inspecting firewall, you're hosed. 
> 
> Why do you say such a thing? I don't have a stateful, inspecting
> firewall -- but rsh seems to work fine.
> 
> In fact, I don't have a firewall at all -- firewalls just break things.
> In general, firewalls are a band-aid to patch over broken software; a
> poor substitute for proper security.

The original point being made was that rsh won't work with a simple
firewall. You either have to turn the firewall off, or install a complex
firewall (that may then have its own security problems).

-- 
In my day, we used to edit the inodes by hand.  With magnets.

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list

[Index of Archives]     [Fedora Users]     [Fedora Packaging]     [Fedora Desktop]     [PAM]     [Big List of Linux Books]     [Gimp]     [Yosemite News]