[OpenAFS-devel] How can I use rsh to connect with AFS
Neulinger, Nathan
nneul@umr.edu
Tue, 15 Jan 2002 15:21:06 -0600
I don't remember for certain, but I know many of those types of tools passed
the token over the net in the clear - they didn't actually use kerberos
ticket forwarding. They just did a GetToken, and wrote the token over the
socket to the remote connection, which did a SetToken.
And yeah, they are probably riddled with buffer overflows as well.
-- Nathan
------------------------------------------------------------
Nathan Neulinger EMail: nneul@umr.edu
University of Missouri - Rolla Phone: (573) 341-4841
Computing Services Fax: (573) 341-4216
> -----Original Message-----
> From: Charles Clancy [mailto:security@xauth.net]
> Sent: Tuesday, January 15, 2002 3:12 PM
> To: openafs-devel@openafs.org
> Subject: Re: [OpenAFS-devel] How can I use rsh to connect with AFS
>
>
> > > OpenAFS doesn't build the r* or inetd by default...
> >
> > --enable-insecure is needed at configure time to enable
> them, and that
> > option name is deliberate. Consider implications carefully
> before using
> > them
>
> Is your hesitance to use these utilities simply because they are as
> insecure as the standard r* utils, or are they particularly
> more insecure
> in some way? I thought someone had mentioned a while back that they
> hadn't been maintained, and were probably riddled with buffer
> overflows
> (like the ftpd-glob thing last year).
>
> --
> t. charles clancy <> tclancy@uiuc.edu <> www.uiuc.edu/~tclancy
>
> _______________________________________________
> OpenAFS-devel mailing list
> OpenAFS-devel@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-devel
>