On Thu, Mar 01, 2001 at 06:31:49PM +1100, Andrew Tridgell wrote:
> > It would also ease confusion as everybody begins to think "r* means
> > bad security".
>
> I think this argument is a little weak. There are 143 commands
> starting with r on my system. Only 2 or 3 of them suffer from the rsh
> style security problems.
Right, but in particular the network commands that rsync is perceived
to be among. I assume the "r" in rsync was derived from the "r" in rsh
and probably many other people do too.
On Thu, Mar 01, 2001 at 01:16:29PM +1100, Martin Pool wrote:
> On 28 Feb 2001, Dave Dykstra <[EMAIL PROTECTED]> wrote:
...
> I guess this is getting off the track, but I think that is a kind of
> wierd situation. If you're allowing rhosts login for rsh, why not
> allow it for ssh?
It is allowed but the problem is that it takes a while for people to figure
out that they also need to have a "known_hosts" entry for the client machine
because only RhostsRSAAuthentication is allowed. Also, the client isn't
always setuid-root which is also needed for .rhosts.
...
> Why not just do it as a shell script?
>
> #! /bin/sh
> rsync -e ssh "$@"
>
> The GNU Standards (for what they're worth) deprecate having program
> behaviour depend on argv[0], and I'm inclined to agree, especially
> because you're doing to support a program that really should be dead
> by now.
That's an interesting idea that I hadn't thought of for this case. I'm
assuming you mean including that shell script in the standard package and
not just suggesting that people do this on their own. I'll consider it
when I get into it, but I can think of a couple minor disadvantages of
doing it as a shell script:
1. It can be tricky to locate another program sometimes. It's not
always in the PATH. An absolute path can be used but then the
package isn't relocatable without edits and so far the rsync
package is. A counter argument of course is that people could just
edit the script to relocate it.
2. It's slightly slower on startup.
Anybody know GNU's reasons against having program behavior depend on
argv[0]? I guess GNU has had a lot of headaches with people want to
install things with a "g" prefix or not, that might explain it.
- Dave Dykstra
