Bugtraq mailing list archives

Re: Security Info (root broken) (fwd)


From: mouse () Collatz McRCIM McGill EDU (der Mouse)
Date: Fri, 30 Sep 1994 13:18:15 -0400


I see allowing 'r' commands into your installation as a Bad Thing
The "r" commands are the most heterogeneous way of providing 8-bit
connectivity to a system.

Well, for rsh and rcp, I agree.  But rlogin's (ab)use of the urgent
pointer, via the kernel trying to pretend it's an out-of-band channel,
causes me no end of headaches.  (Most recently, rlogin from SunOS 4.1.x
to NetBSD doesn't propagate the window size, and presumably will get a
few other things wrong as well.)  I finally got sufficiently fed up
that I wrote an rlogin-like remote login protocol which uses two
connections, one for data and one for the sort of control information
rlogin uses MSG_OOB for...and I've never had any trouble with it.

I wish nobody had ever even thought of turning the urgent pointer into
an out-of-band channel!  It's hopelessly broken in theory and works in
practice only over fast links with small amounts of data sent over the
out-of-band channel, and even then only when both ends are using
compatible interpretations of where the out-of-band data lies relative
to the urgent pointer.

                                        der Mouse

                            mouse () collatz mcrcim mcgill edu
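
Added example, not part of the original post or of der Mouse's own protocol: a loopback test of how little "out-of-band" data the urgent pointer carries through the BSD socket API. It assumes Linux TCP semantics with SO_OOBINLINE off; the function name urgent_split and the payloads are constructed for illustration.

```python
import select
import socket
import time

def urgent_split(payload=b"AB", timeout=2.0):
    """Send payload with MSG_OOB between two normal writes over loopback TCP.

    Returns (oob, inline): what the receiver gets from recv(MSG_OOB) and
    what it gets from the ordinary byte stream.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))            # constructed endpoint: ephemeral loopback port
    srv.listen(1)
    cli = socket.create_connection(srv.getsockname())
    conn, _ = srv.accept()
    try:
        cli.sendall(b"data1")
        cli.send(payload, socket.MSG_OOB)  # "control" message sent via the urgent pointer
        cli.sendall(b"data2")
        cli.shutdown(socket.SHUT_WR)       # EOF so the reader knows when to stop

        deadline = time.monotonic() + timeout
        # Exceptional readiness means an urgent pointer has been seen.
        select.select([], [], [conn], timeout)
        oob = b""
        while not oob and time.monotonic() < deadline:
            try:
                oob = conn.recv(16, socket.MSG_OOB)  # ask for 16 bytes, get at most 1
            except OSError:
                time.sleep(0.01)                     # urgent byte not delivered yet
        conn.settimeout(timeout)
        inline = b""
        while True:                                  # drain the normal stream to EOF
            chunk = conn.recv(4096)
            if not chunk:
                break
            inline += chunk
        return oob, inline
    finally:
        for s in (cli, conn, srv):
            s.close()

if __name__ == "__main__":
    print(urgent_split())
```

Only the final byte of the MSG_OOB write comes back as out-of-band; the rest of the "control" message lands in the data stream, which is the failure a separate control connection avoids.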


