On Monday 10 July 2006 10:17, Simon L. Nielsen wrote:
= Actually it is, but it would obviously be a stupid idea to do so any
= place where privileged ports are required...
It would be. But where they are NOT required, it is stupid to check the
geteuid() inside the client's rcmd :-)
Thank you very much for your explanation, Brian, rsh being an SUID is
something I overlooked.
What I remain upset about, though, is that the rcmdsh(), which is used by
rcmd() ignores the fd2p parameter making it impossible to capture the
remote's stderr...
Yours,
-mi
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
