From: Warner Losh (imp@boulder.parcplace.com)
Date: 07/31/93

Next message: Eugene Kim: "changing bash to "bash -noprofile""
Previous message: Warner Losh: "Re: Undelete for linux?"
Next in thread: Thomas Aaron Insel: "Re: rsh: "rcmd: socket: Permission denied""
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

From: imp@boulder.parcplace.com (Warner Losh)
Subject: Re: rsh: "rcmd: socket: Permission denied"
Date: Sat, 31 Jul 1993 05:36:51 GMT

In article <23broe$9v0@europa.eng.gtefsd.com> niemidc@oasis.gtefsd.com writes:
>>rsh should be installed setuid(root)
>This will make things work, but it is a security hole big enough to fly a
>747 through, just in case you care.

How so?

rsh needs to be root so it can bind to that special socket range that
only root can bind to. It doesn't make the user root, or make your
machine less secure. What am I missing here? rsh is designed to be
setuid root.....

Warner

-- 
Warner Losh             imp@boulder.parcplace.COM       ParcPlace Boulder
I've almost finished my brute force solution to subtlety.

Next message: Eugene Kim: "changing bash to "bash -noprofile""
Previous message: Warner Losh: "Re: Undelete for linux?"
Next in thread: Thomas Aaron Insel: "Re: rsh: "rcmd: socket: Permission denied""
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]