On Thu, May 08, 2003 at 01:36:41PM +0100, Andrew Suffield wrote:
> > Sigh, you're obviously trolling.
>
> So that would be a "no", then?
Of course. The rsh protocol does not support any kind of security, if
I'd implement it it wouldn't be rsh anymore.
> Security should be end-to-end, not point-to-point. The sheer number of
> times a site has been compromised because their "secure" network
> wasn't and somebody was using rsh...
I totally agree with that. But this has nothing to do with rsh itself,
it has to do with people using rsh when they should use something
different.
For those people who specifically want to use rsh/rlogin/rcp (because
copying files between slow computers on your private LAN with scp sucks
for instance) I wrote rsh-redone, which fixes non-security related bugs
like failing to handle partial read()s and write()s.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus@sliepen.eu.org>
Attachment:
pgpMv_9BRDVZQ.pgp
Description: PGP signature