[OpenAFS-devel] How can I use rsh to connect with AFS
Charles Clancy
security@xauth.net
Tue, 15 Jan 2002 15:12:22 -0600 (CST)
> > OpenAFS doesn't build the r* or inetd by default...
>
> --enable-insecure is needed at configure time to enable them, and that
> option name is deliberate. Consider implications carefully before using
> them
Is your hesitance to use these utilities simply because they are as
insecure as the standard r* utils, or are they particularly more insecure
in some way? I thought someone had mentioned a while back that they
hadn't been maintained, and were probably riddled with buffer overflows
(like the ftpd-glob thing last year).
--
t. charles clancy <> tclancy@uiuc.edu <> www.uiuc.edu/~tclancy