Re: rwhod

[joey@finlandia.infodrom.north.de (Martin Schulze)]

Joey Hess writes:

> > I believe there are security concerns.  Via rwho protocol your machine
> > distributes information on who is logged in.  So you are able to play
> > big brother and generate personal profiles for instance.
> 
> According to the man page:
> 
>      Rwhod operates as both a producer and consumer of status information. As
>      a producer of information it periodically queries the state of the system
>      and constructs status messages which are broadcast on a network.  As a 
>      consumer of information, it listens for other rwhod servers' status mes­
>      sages, validating them, then recording them in a collection of files lo­
>      cated in the directory /var/spool/rwho.
> 
> Since broadcast packets shouldn't leave your local network, I don't think
> that anyone in the outside world can listen in on the rwho messages, so I
> _think_ it's safe for use if you trust all the hosts on your subnet.

Would you like to define "local network" please?

Just to tell you what I mean:

My "local network" (although it consists of 14 parts) is located
in a student's home and consists of both Infodrom Oldenburg
(*.infodrom.north.de) and the student's LAN.  There are about 70
machines here at the moment, including a Debian development machine
soon.

Using rwhod I as a user of rwho and ruptime am able to see when
people get up and work on their machines when they leave for
sleep, shopping or whatever.  At least on the Linux machines.

Don't you admit that such information could be confidential?

Regards

	Joey

-- 
  / Martin Schulze  *  joey@infodrom.north.de  *  26129 Oldenburg /
 / This copy of Netscape has expired.  -- Netscape               /
/                    Ein weiterer Grund Mosaic zu benutzen. :-( /


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .