|
List Info Thread: I think, rsh is quite obsolete
[1]
|
||||||||||||
|
about | contact Other archives ( Real Estate discussion Medical topics ) |
||||||||||||
I think, rsh is quite obsolete |
|
List Info Thread: I think, rsh is quite obsolete
[1]
|
||||||||||||
|
about | contact Other archives ( Real Estate discussion Medical topics ) |
||||||||||||
iabyn.com> writes:
>> Just as with NFS for example. Is NFS evil too?
>
> Basic NFS is pretty evil. Totally insecure.
Well, it looks like most local traffic here uses evil things
I imagine TFTP isn't less evil and perhaps only FTP is worse
(cleartext passwords over the wire and firewall problems).
And
Samba (especially with unencrypted passwords) and X and...
> The rsh protocol requires the server to make a second
TCP connection back
> to a low-numbered ephemeral port specified by the
client, for the stderr
> channel.
Nope, that's optional.
> If you haven't got a stateful, inspecting firewall,
you're hosed.
Even with stderr all you'd need is a simple helper.
Anyway most people use rsh* over physically secure networks.
Password-less privileged access with source IP access
control over
public network? No, thanks.
--
Krzysztof Halasa
--
fedora-devel-list mailing list
fedora-devel-list