Re: I think, rsh is quite obsolete

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Dave Mitchell <davem@xxxxxxxxx> writes:

>> Just as with NFS for example. Is NFS evil too?
>
> Basic NFS is pretty evil. Totally insecure.

Well, it looks like most local traffic here uses evil things :-)
I imagine TFTP isn't less evil and perhaps only FTP is worse
(cleartext passwords over the wire and firewall problems). And
Samba (especially with unencrypted passwords) and X and...

> The rsh protocol requires the server to make a second TCP connection back
> to a low-numbered ephemeral port specified by the client, for the stderr
> channel.

Nope, that's optional.

> If you haven't got a stateful, inspecting firewall, you're hosed.

Even with stderr all you'd need is a simple helper.

Anyway most people use rsh* over physically secure networks.
Password-less privileged access with source IP access control over
public network? No, thanks.
-- 
Krzysztof Halasa

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list

[Index of Archives]     [GCC Help]     [Fedora Development]     [Fedora Announce]     [Fedora Legacy Announce]     [Home]     [Fedora Config]     [PAM]     [Red Hat 9]     [Big List of Linux Books]     [Gimp]     [Yosemite News]

  Powered by Linux