[2067] in Kerberos-V5-bugs


Re: possible rsh/kshd problem?

daemon@ATHENA.MIT.EDU (Richard Basch)
Tue Jul 2 23:31:50 1996

Date: Tue, 2 Jul 1996 23:24:34 -0400
To: Mark Eichin <eichin@cygnus.com>
Cc: Sam Hartman <hartmans@MIT.EDU>, Dave McGuire <mcguire@rocinante.digex.net>,
        kerberos@MIT.EDU, krb5-bugs@MIT.EDU, rdist-bugs@usc.edu
In-Reply-To: <xe120iu5gqp.fsf@maneki-neko.cygnus.com>
From: "Richard Basch" <basch@lehman.com>

On , 2-July-1996, "Mark Eichin" wrote to "Sam Hartman, Mark Eichin, Dave McGuire, kerberos@MIT.EDU, krb5-bugs@MIT.EDU, rdist-bugs@usc.edu" saying:

> > 	It looks like the krb5 kshd only uses pipes if it has to
> > encrypt or if a stderr connection is supplied.  I guess this does end
> > up almost always using a pipe.
> 
> *Almost* always? I've *never* seen rsh not use a stderr
> connection... with non-kerberized and with v4, there's no way to ask
> to not have one...
> 
> >	Is it worth our trouble to use socketpair() instead of pipes
> > on operating systems where that is available?
> 
> No, because the inconsistency would be even worse. It's not hard to
> fix programs like rdist... and it wouldn't help with getpeername /
> getsockname problem at all (I've just made kshd pass the IP addresses
> down in the environment, because the v4rcp back end needs them to do
> the mutual authentication.)

Actually, if appl/rdist had been based on a more recent rdist source
distribution, it would not have had the problem.  We ran into the same
problem at Lehman with our modified rdist, and we simply started
integrating our changes into a more recent version.

> Really, the current rsh should be disposed of -- the easy way would be
> to replace it with a simple gssapi-based app that uses a single
> connection (and quotes the packets, or at least inserts "stream
> change" tokens... but whatever happens, it must have *extensible*
> negotiation.) Sigh.

Or extensions to "telnet"...
-- 
Richard Basch                   
Sr. Developer/Analyst, DSO      URL: http://web.mit.edu/basch/www/home.html
Lehman Brothers, Inc.           Email: basch@lehman.com, basch@mit.edu
101 Hudson St., 38th Floor      Fax:   +1-201-524-5828
Jersey City, NJ 07302-3988      Voice: +1-201-524-5049
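
The getpeername problem discussed in this thread, as an added example that is not part of the original message or of the krb5 sources: a child started behind a pipe gets ENOTSOCK, one started behind socketpair() gets an AF_UNIX peer with no IP address, so the address has to come from the parent daemon. The variable name EXAMPLE_REMOTE_ADDR and the address 192.0.2.10 are assumptions made for the example, not what kshd actually exports.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

enum peer_kind { PEER_INET, PEER_NOT_INET, PEER_NOT_SOCKET, PEER_ERROR };

/* Try to learn the remote IPv4 address from the inherited descriptor. */
enum peer_kind peer_from_fd(int fd, char *buf, size_t len)
{
    struct sockaddr_storage ss;
    socklen_t sl = sizeof ss;
    if (getpeername(fd, (struct sockaddr *)&ss, &sl) < 0)
        return errno == ENOTSOCK ? PEER_NOT_SOCKET : PEER_ERROR;
    if (ss.ss_family != AF_INET)
        return PEER_NOT_INET;        /* e.g. AF_UNIX from socketpair() */
    if (!inet_ntop(AF_INET, &((struct sockaddr_in *)&ss)->sin_addr, buf, len))
        return PEER_ERROR;
    return PEER_INET;
}

/* Fall back to an address exported by the parent daemon (hypothetical
 * variable name). The value is parsed and re-printed, never used raw. */
int peer_from_env(const char *var, char *buf, size_t len)
{
    struct in_addr a;
    const char *v = getenv(var);
    if (!v || inet_pton(AF_INET, v, &a) != 1)
        return -1;
    return inet_ntop(AF_INET, &a, buf, len) ? 0 : -1;
}

int main(void)
{
    int p[2], s[2];
    char ip[INET_ADDRSTRLEN];
    if (pipe(p) < 0 || socketpair(AF_UNIX, SOCK_STREAM, 0, s) < 0) return 1;
    printf("pipe: %d  socketpair: %d\n",
           peer_from_fd(p[0], ip, sizeof ip), peer_from_fd(s[0], ip, sizeof ip));
    setenv("EXAMPLE_REMOTE_ADDR", "192.0.2.10", 1);  /* constructed sample */
    if (peer_from_env("EXAMPLE_REMOTE_ADDR", ip, sizeof ip) == 0)
        printf("from environment: %s\n", ip);
    return 0;
}
```

An address taken from the environment is only as trustworthy as the process that set it, so it is suitable here only because the parent is the authenticating daemon.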

