Date: Sun, 09 Feb 1997 09:51:20 -0700 From: Warner Losh <imp@village.org> To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch) Cc: CVS-committers@freefall.freebsd.org, cvs-all@freefall.freebsd.org, cvs-libexec@freefall.freebsd.org Subject: Re: cvs commit: src/libexec/rshd rshd.c Message-ID: <E0vtcTI-0003nE-00@rover.village.org> In-Reply-To: Your message of "Sun, 09 Feb 1997 12:56:59 %2B0100." <Mutt.19970209125659.j@uriah.heep.sax.de> References: <Mutt.19970209125659.j@uriah.heep.sax.de> <199702090416.UAA24278@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <Mutt.19970209125659.j@uriah.heep.sax.de> J Wunsch writes: : Uh-oh. Why don't we simply leave all this dreaded work to rsh(1) : (or ssh(1)), and simply call it from here? I'm not sure I understand this suggestion. The rshd daemon needs to check to make sure that it isn't getting source routed packets (in case someone turns the kernel blocking off) so that it refused to accept connections that have come in this way. We need to do this because source routed packets allow people to appear to come from places they aren't really from, effectively laundering the connection (assuming they have control over at least one machine on the internet). I don't see how calling rsh will help to accomplish that goal. What am I missing? Warner
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E0vtcTI-0003nE-00>