From willf@alton.central.sun.com Thu Jun 20 13:06:00 2002
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU [18.7.7.76])
by rt-11.mit.edu (8.9.3/8.9.3) with ESMTP id NAA28214
for <bugs@RT-11.mit.edu>; Thu, 20 Jun 2002 13:06:00 -0400 (EDT)
Received: from kathmandu.sun.com (kathmandu.sun.com [192.18.98.36])
by fort-point-station.mit.edu (8.9.2/8.9.2) with ESMTP id NAA17890
for <krb5-bugs@mit.edu>; Thu, 20 Jun 2002 13:05:59 -0400 (EDT)
Received: from engmail2.Eng.Sun.COM ([129.146.1.25])
by kathmandu.sun.com (8.9.3+Sun/8.9.3) with ESMTP id LAA04640
for <krb5-bugs@mit.edu>; Thu, 20 Jun 2002 11:05:58 -0600 (MDT)
Received: from alton.central.sun.com (alton.Central.Sun.COM [129.153.128.101])
by engmail2.Eng.Sun.COM (8.9.3+Sun/8.9.3/ENSMAIL,v2.1p1) with ESMTP id KAA22886
for <krb5-bugs@mit.edu>; Thu, 20 Jun 2002 10:05:57 -0700 (PDT)
Received: (from willf@localhost)
by alton.central.sun.com (8.10.2+Sun/8.10.2) id g5KH5tT10165;
Thu, 20 Jun 2002 12:05:55 -0500 (CDT)
Message-Id: <200206201705.g5KH5tT10165@alton.central.sun.com>
Date: Thu, 20 Jun 2002 12:05:55 -0500 (CDT)
From: william.fiveash@sun.com
Reply-To: william.fiveash@sun.com
To: krb5-bugs@mit.edu
Subject: rsh command in clear, docs need to warn user
X-Send-Pr-Version: 3.99

>Number: 1120
>Category: krb5-doc
>Synopsis: docs should warn about rsh -x sending command in the clear
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: krb5-unassigned
>State: open
>Class: doc-bug
>Submitter-Id: unknown
>Arrival-Date: Thu Jun 20 13:07:00 EDT 2002
>Last-Modified:
>Originator: William Fiveash
>Organization:
Sun Microsystems
>Release: krb5-1.2.5
>Environment:

System: SunOS alton 5.8 Generic_108528-09 sun4u sparc SUNW,Ultra-5_10
Architecture: sun4

>Description:
I was doing some kerberized rsh testing using MIT 1.2.5 and I noticed
when doing:

/usr/local/bin/rsh -x myhost.com 'echo hello'

that the 'echo hello' command is sent in the clear to the remote host
even though I specified the -x flag (encrypt network session data).
Is this expected behavior? If so, it seems to me that the rsh man
page and the string output by rsh, "This rsh session is using DES
encryption for all data transmissions.", should mention the command is
being sent in the clear.

>How-To-Repeat:

>Fix:

Change the string output by rsh:
"This rsh session is using DES encryption for all data transmissions."
to something that mentions the command is being sent in the clear. Also
change the man page for rsh where it describes the -x option to mention
the command is sent in the clear.
>Audit-Trail:
>Unformatted:
Manpage already fixed; will be in krb5-1.3. It's unclear how much
priority we should put on updating the "using encryption" message output
by the program, but it's late enough in the release process that I'd
defer it to a later release.