2318 – rexec(3) and in.rexecd implement different protocols.

Bug 2318 - rexec(3) and in.rexecd implement different protocols.

Summary: rexec(3) and in.rexecd implement different protocols.

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Linux
Classification:	Retired
Component:	rsh
Sub Component:
Version:	5.2
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	high
Target Milestone:	---
Assignee:	Nalin Dahyabhai
QA Contact:
Docs Contact:
URL:
Whiteboard:
Duplicates (2):	2909 3093 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	1999-04-21 19:42 UTC by ange
Modified:	2008-05-01 15:37 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	1999-05-19 16:19:24 UTC

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description ange 1999-04-21 19:42:31 UTC

Firstly, in.rexec in RedHat 5.2 seems to have problems with
the pam securetty entry.  If you change auth required to
auth sufficient, then there is a chance of in.rexec not
failing.

However... the real reason for this bug report is:

If the final argument to rexec(3) is set to 0, then the
rexec library call, and the corresponding in.rexec demon
work apprently OK.

If the final argument to rexec(3) is given as a pointer to
a socket descriptor, in.rexec hangs and never logs in... it
seems to be waiting for more data for somewhere.

Help please!

-- ange.hp.com --

Comment 1 Jeff Johnson 1999-04-21 20:28:59 UTC

*** This bug has been marked as a duplicate of 1696 ***

Comment 2 Jeff Johnson 1999-05-18 16:31:59 UTC

*** Bug 2909 has been marked as a duplicate of this bug. ***

It seems that in.rexecd is buggy and hangs, it can
be reproduced on a base Red Hat 6.0 box with a simple
	rexec -l user -p pass localhost date

Doing an strace on it, we see that the rexec client sends
the port number as the first "argument":
   write(3, "1716\0", 5)                   = 5
and waits for the socket to be created
   accept(4,  <unfinished ...>
while the rexec daemon reads the second argument (user)
*before* creating the socket...

------- Additional Comments From jbj  05/18/99 12:26 -------
As a workaround, add -a to the rexec command line.

------- Additional Comments From jbj  05/18/99 12:27 -------
As a workaround, add -a to the rexec command line.

Comment 3 lionel.cons 1999-05-19 06:48:59 UTC

The workaround sent (-a) doesn't seem to work
for me:
# rexec -a -l root -p rootpass mybox date
mybox.cern.ch: Success
rexec: Error in rexec system call: Success

Comment 4 Jeff Johnson 1999-05-19 16:19:59 UTC

Fixed in.rexecd to repair damage to the rexec protocol when the
last argument to rexec is supplied. The port is sent to the server
which then connects back to the client after which the client
supplies user, password, and command. This is the behavior implemented
on Solaris (by trial) and on FreeBSD (by examining sources). OpenBSD
has an rexecd that is broke the same way that netkit was broke.

Comment 5 Jeff Johnson 1999-05-27 15:53:59 UTC

*** Bug 3093 has been marked as a duplicate of this bug. ***

Redhat is apparently not using the latest netkit. The latest
netkit includes a patch that I contributed that fixes
rexecd.

As soon as I figure out how to submit that patch, I will
send it to you.

Note You need to log in before you can comment on or make changes to this bug.