tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: rshd...

On Sun, Jul 15, 2012 at 11:26:13AM +1200, Lloyd Parkes wrote:
> On 15/07/2012, at 10:53 AM, Mouse wrote:
> >> Is there any way at all that anyone can justify shipping rshd and friends 
> >> as$
> > 
> > Why would they need justifying?
> Their security mechanisms aren't actually security, and quite frankly aren't 
> much of a mechanism either. The last thing TNF needs is to have 10,000 NetBSD 
> based consumer NAS boxes start emailing out pharma spam.

This is not really much of an argument - there are dozens of ways that
someone could achieve this scenario including misconfiguring postfix.
You have to turn rexecd on, it is shipped disabled.  As others have
pointed out there are still things that use rsh, being able to do a
remote dump from a legacy system to a tape drive on NetBSD is useful to
some.  The r* commands may have their faults but in some circumstances
they are appropriate.

Personally, I think it arrogant that we (NetBSD) take the nasty sharp
tools away because they are "too dangerous", it sort of implies "no, you
are too stupid to know better so you cannot have these things".

Brett Lymn
The information contained in this email and any attached files is
confidential to BAE Systems Australia. If you are not the intended
recipient, any use, disclosure or copying of this email or any
attachments is expressly prohibited.  If you have received this email
in error, please notify us immediately. VIRUS: Every care has been
taken to ensure this email and its attachments are virus free,
however, any loss or damage incurred in using this email is not the
sender's responsibility.  It is your responsibility to ensure virus
checks are completed before installing any data sent in this email to
your computer."

Home | Main Index | Thread Index | Old Index