> But you have to ask yourself a few questions...
> 1. Who the hell uses rhost auth anymore?
> 2. Being that mdk's target audience is the desktop user, are they ever
> going to encounter a situation where they need rhost functionality?
> 3. Why rsh when there's ssh?
> The questions could go on...
> But I think the only people who might actually need to rsh, would be
> knowledgeable enough to know how to do a 'chmod +s foo'.
>
> Like I said, ssh really doesn't need to be setuid either, unless you
> specifically need to use rhost auth, but refer above for all that info.
>
> This is arguable, but I think the sane and logical choice to make is to
> strip all these of their setuid bits.
>
That's something done in good faith, but my argument is not what you are going
to do with it but you're going to break protocol specifications if you do this.
Anyway that my personal (biased) opinion, something done in good faith vs
what it's supposed to be like.
- G.
