OpenSSH/scp ->> F-Secure SSH server Problems

Damien Miller djm at mindrot.org
Fri Mar 16 10:23:19 EST 2001


On Thu, 15 Mar 2001, Greg A. Woods wrote:

This will be my last post on this subject.

> Ben, that's almost exactly what I said, but only from the opposite
> perspective!  The current subsystem naming scheme does *NOT* allow the
> administrator to control what service is expected under which name!  The
> administrator *MUST* adhere to either a given implementation, or if a
> central naming authority is defined, then to that authority, or else
> face inter-operability problems!

Just like there is no way for a system administrator to force other
to run smtp on port 25 (for example). If you do something stupid, like
diddle with well known assignments, of course you are going to break
stuff.

> > By the fact no one is requiring you to register your program name with
> > an IANA type group you can still have pure chaos.
>
> Exactly!  That's why the "built-in subsystem" feature is a wart!
> There's no way to enforce implementations to honour the registered
> names!

So what? If people want to break there systems, then we shouldn't
stop them. Unix provides no way to _force_ people not to rename 'rm'
to 'ls' either and it still works pretty well - people don't do it
becuase it is _stupid_ to mess with well-known names.

-d

-- 
| Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's
| http://www.mindrot.org          /   distributed filesystem'' - Dan Geer






More information about the openssh-unix-dev mailing list