[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#192416: ITP: rsh-redone -- Reimplementation of remote shell tools.

On Thu, May 08, 2003 at 01:36:41PM +0100, Andrew Suffield wrote:
> On Thu, May 08, 2003 at 01:24:58PM +0200, Guus Sliepen wrote:
> > On Thu, May 08, 2003 at 01:56:18PM +0300, Lars Wirzenius wrote:
> > 
> > > > Rsh-redone is a reimplementation of the remote shell clients and
> > > > servers.  It is written from the ground up to avoid the bugs found in
> > > > the standard clients and servers.
> > > 
> > > Such as transmitting passwords in cleartext or relying on IP numbers for
> > > authentication?
> > 
> > Sigh, you're obviously trolling.
> So that would be a "no", then?
> > If you have a network that is already
> > secure (for example, behind a decent firewall, or a VPN), using ssh only
> > means lots of unnecessary overhead. The lack of security in rsh is not a
> > bug, it is just the way it is supposed to work.
> Security should be end-to-end, not point-to-point. The sheer number of
> times a site has been compromised because their "secure" network
> wasn't and somebody was using rsh...

So if you are consequent, we should immediately stop distributing ftp,
mail servers and clients that send clear text mails, web servers and
browsers, etc...

> People who can create a genuinely secure network are invited to start
> a consultancy firm; they could make millions.

It should be enough to give a warning in the description.

This rsh replacement would make sense if CPU time is crucial, eg. for 
small, embedded devices, or if you want to copy files over a Gigabit 

Personally, I use scp even for iso images. Nevertheless, I still think 
such a package does make sense.


 : :' :    Oliver Kurth oku@debian.org
 `. `'           Debian GNU/Linux maintainer - www.debian.org

Attachment: pgpHbsaVbDuN6.pgp
Description: PGP signature

Reply to: