What to do about rcmdsh(3) ?
Eitan Adler
lists at eitanadler.com
Sun Jul 1 03:42:57 UTC 2018
On 26 June 2018 at 23:45, O'Connor, Daniel <darius at dons.net.au> wrote:
>
>
>> On 27 Jun 2018, at 13:01, Eitan Adler <lists at eitanadler.com> wrote:
>>
>> On 24 June 2018 at 05:14, Konstantin Belousov <kostikbel at gmail.com> wrote:
>>> On Sun, Jun 24, 2018 at 03:32:13AM -0700, Eitan Adler wrote:
>>>> Now that the rcmds are removed from base, it opens a question about
>>>> what to do with rcmdsh(3).
>>>> This is documented as
>>>> rcmdsh ??? return a stream to a remote command without superuser
>>>> And is implemented as a rather simple wrapper of getaddrinfo and exec.
>>>>
>>>> This isn't something I'd imagine we'd add to libc now-a-days and is
>>>> currently broken by default (due to defaulting to _PATH_RSH)
>>>>
>>>> I'm not sure there is much value in keeping this function around. I
>>>> did a rather naive search for uses of this function in ports and
>>>> couldn't find any. I'm preparing a more comprehensive patch for an
>>>> exp-run.
>>> There is a huge value in keeping ABI compatibility. The symbol must be kept.
>>> You may remove default version for the symbol if you are so inclined.
>>
>> I'm new at this. How does one do that?
>
> You could just leave the call, I assume it will fail with an error if rsh isn't in the path.
It will fail unconditionally since the call looks explicitly for
/bin/rsh. Is it wrong to change the implementation to use PATH?I have
not looked closely, but are there security implications to trusting
the environment?
--
Eitan Adler
More information about the freebsd-arch
mailing list