Subject: Re: Policy questions
To: Manuel Bouyer <bouyer@antioche.lip6.fr>
From: John Hawkinson <jhawk@MIT.EDU>
List: tech-userlevel
Date: 01/02/2004 10:26:37
Manuel Bouyer <bouyer@antioche.lip6.fr> wrote on Wed, 31 Dec 2003
at 16:14:08 +0100 in <20031231151408.GE339@antioche.eu.org>:
> > * Have we considered removing r{sh,cmd,cp} from the base distribution?
> > They are of dubious security and utility, and, I think, OpenBSD has
> > already ditched them.
>
> They're extremely usefull on fast local networks, where security may
> not matter that much, and use them daily. On a 100Mb/s network, rsh can
> transfers data at more than 10MB/s where ssh is limited to 2MB/s. I really
> object to removing them from the base system.
I think this means we need better tools.
Unprivileged users should be able to do ad-hoc unencrypted file
transfers without compromising their accounts, regardless of whether
there's a "secure" local network.
When I've had this need, I end up kludging something with tar and
netcat on both ends, but it's not very satisfactory, especially since
netcat's semantics combine the idea of timeouts with exitting when the
connection closes (i.e. "-w secs").
It would be nice to have sufficient tools in the base system
to do this kind of thing.
(When I say "unprivileged users," I rule out NFS, or daemons that
might not be configured on the machine, e.g. ftpd (probably insecure
anyhow, unless you're using kerberos).)
--jhawk