|
|
S-214: SurgeMail and WebMail 'Page' Command Vulnerability
|
|
rsh(1) General Commands Manual rsh(1) NAME
rsh - Executes the specified command at the remote host or logs into a remote host SYNOPSIS
rsh [-dn] [-l user] remote_host [command] [argument...] The remote shell command (rsh) executes command at the remote_host, or, if no command is specified, logs into remote_host. OPTIONS
Turns on socket debugging (using setsockopt()) on the TCP sockets used for communication with the remote host. Specifies that rsh is to log into the remote host as user instead of the local username. If this option is not specified, the local and remote usernames are the same. Specifies that rsh is to ignore input from STDIN. Use this option if you put rsh in the background without redirecting its input away from the terminal. If you do not use this option in this situation, rsh blocks even if no reads are posted by the remote command. DESCRIPTION
The rsh command sends standard input from the local host to the remote command and receives standard output and standard error from the remote command. If you do not specify a command, rsh executes rlogin instead. If you do not specify the -l option, the local username is used at the remote host. If -l user is entered, the specified username is used at the remote host. In either case, the remote host allows access only if at least one of the following conditions is satisfied: The local user ID is not superuser, and the name of the local host is listed as an equivalent host in the remote /etc/hosts.equiv file. If either the local user ID is superuser or the check of /etc/hosts.equiv fails, the remote user's home directory must contain a $HOME/.rhosts file that lists the local host and username. For security reasons, any $HOME/.rhosts file must be owned by either the remote user or the root user, and should have permissions set to 600 (read and write by owner only). In addition to the preceding conditions, rsh also allows access to the remote host if the remote user account does not have a password defined. However, for security reasons, use of a password on all user accounts is recommended. While the remote command is executing, pressing the Interrupt, Terminate, or Quit key sequences sends the corresponding signal to the remote process. However, pressing the Stop key sequence stops only the local process. Normally, when the remote command terminates, the local rsh process terminates. To have shell metacharacters interpreted on the remote host, place the metacharacters inside (double quotes). Otherwise, the metacharac- ters are interpreted by the local shell. RESTRICTIONS
The rsh command is confused by output generated by commands in a file on the remote host. In particular, the messages, where are you? and stty: Can't assign requested address can result if output is generated by the startup file. EXAMPLES
In the following examples, the local host host1 is listed in the /etc/hosts.equiv file at the remote host host2. To check the amount of free disk space on the remote host host2, enter: $ rsh host2 df To append a remote file to another file on the remote host, place the >> metacharacters in (double quotes): $ rsh host2 cat test1 ">>" test2 To append a remote file at the remote host to a local file, omit the double quotes: $ rsh host2 cat test2 >> test3 To append a remote file to a local file and use a remote user's permissions at the remote host, use the -l option: $ rsh host2 -l jane cat test4 >> test5 FILES
Specifies remote hosts from which users can execute commands on the local host (provided these users have an account on the local host). Specifies remote users that can use a local user account. SEE ALSO
Commands: rcp(1), rlogin(1), rshd(8), telnet(1) Functions: rexec(3) Files: rhosts(4) rsh(1)
