[1606] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: Re: Re: Security Concern..

daemon@ATHENA.MIT.EDU (David Holland)
Thu Sep 18 19:11:59 1997

From: David Holland <dholland@eecs.harvard.edu>
To: linux-security@redhat.com
Date: Thu, 18 Sep 1997 14:10:40 -0400 (EDT)
In-Reply-To: <199709162350.TAA18949@tenchi.myrus.com> from "Zygo Blaxell" at Sep 16, 97 07:50:36 pm
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com

 > >> >-rwsr-xr-x   1 root     bin         13937 Dec  5  1995 /usr/bin/rcp
 > >> and also this one
 > >
 > >losing rcp functionality.
 > 
 > Nope.  'rcp' calls the privileged 'rsh' to perform the actual protocol.
 > 'rcp' itself doesn't need privileges at all, and IIRC it tries to throw
 > them away if it discovers that it has them.

I wish. It uses rcmd().

The long term solution to this problem is to change rcmd() to call
"/usr/bin/rsh" (which can easily be made a symlink to some more useful
equivalent like ssh) and compile the actual rcmd() functionality into
rsh itself. This is probably easier than modifying a bunch of silly
programs that like to use rcmd() [rexec() should probably be treated
similarly...]  I'm willing to tackle this if the libc maintainers are. 

Alternatively, I'd be more than happy to take patches to fix rcp to
call rsh.

-- 
   - David A. Holland             |    VINO project home page:
     dholland@eecs.harvard.edu    | http://www.eecs.harvard.edu/vino


home help back first fref pref prev next nref lref last post