strange limitation on rcmd()
Mikhail Teterin
mi+kde at aldan.algebra.com
Mon Jul 10 15:47:36 UTC 2006
On Monday 10 July 2006 10:17, Simon L. Nielsen wrote:
= Actually it is, but it would obviously be a stupid idea to do so any
= place where privileged ports are required...
It would be. But where they are NOT required, it is stupid to check the
geteuid() inside the client's rcmd :-)
Thank you very much for your explanation, Brian, rsh being an SUID is
something I overlooked.
What I remain upset about, though, is that the rcmdsh(), which is used by
rcmd() ignores the fd2p parameter making it impossible to capture the
remote's stderr...
Yours,
-mi
More information about the freebsd-security
mailing list