Dave Mitchell davem@iabyn.com writes:
Just as with NFS for example. Is NFS evil too?
Basic NFS is pretty evil. Totally insecure.
Well, it looks like most local traffic here uses evil things :-) I imagine TFTP isn't less evil and perhaps only FTP is worse (cleartext passwords over the wire and firewall problems). And Samba (especially with unencrypted passwords) and X and...
The rsh protocol requires the server to make a second TCP connection back to a low-numbered ephemeral port specified by the client, for the stderr channel.
Nope, that's optional.
If you haven't got a stateful, inspecting firewall, you're hosed.
Even with stderr all you'd need is a simple helper.
Anyway most people use rsh* over physically secure networks. Password-less privileged access with source IP access control over public network? No, thanks.