rsm@amethyst.ma.arizona.edu (Robert Maier) (12/04/88)
I recently dug into the BSD4.3 versions of rlogin.c and rlogind.c, and among other things figured out the (undocumented?) RLOGIN protocol.

Once the TCP/IP connection between server and client has been initialized, it is only used to transfer data. The control path from server to client is out-of-band, and supports little more than an output flush request.

There is one exception to this: the rlogin client may place in the data stream going to the server a notification that its screen size has changed. The client uses the escape sequence "\0377\0377ss", followed by the new screen size.

So far as I can see, this escape sequence cannot be escaped. There is no way of passing "\0377\0377ss" from the client to the server without the following bytes being interpreted as a new screen size.

Am I missing something here, or does this imply that the RLOGIN protocol doesn't support a true 8-bit data path?

--
Robert S. Maier
SNAIL: Dept. of Math.; Univ. of Arizona; Tucson, AZ 85721; USA
VOICE: +1 602 621 6893 / +1 602 621 2617
UUCP: ..{allegra,cmcl2,hao!noao}!arizona!amethyst!rsm
BITNET: maier@arizrvax
INTERNET: rsm@amethyst.ma.arizona.edu
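The in-band ambiguity raised in the post above, as an added example (not part of the original post and not the BSD rlogind source): a simplified model of the server's scan of the client-to-server stream, run over a constructed 14-byte payload that happens to contain the cookie. It assumes the size field is four 16-bit values in network byte order (rows, columns, x pixels, y pixels), as later written down in RFC 1282; `rlogin_filter`, `struct winsz` and `sample_data` are hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>

/* Size fields as assumed on the wire: four 16-bit values, network order. */
struct winsz { unsigned rows, cols, xpixel, ypixel; };
#define CTRL_LEN 12  /* 0xFF 0xFF 's' 's' + 4 x 16-bit */

static unsigned be16(const unsigned char *p) { return (unsigned)p[0] << 8 | p[1]; }

/*
 * Hypothetical model of the server side: copies data bytes to out, strips
 * every complete control sequence, stores the last size seen in *ws, and
 * returns the number of bytes delivered to the pty. *changes counts the
 * sequences consumed. An incomplete sequence is passed through as data.
 */
size_t rlogin_filter(const unsigned char *in, size_t n, unsigned char *out,
                     struct winsz *ws, int *changes)
{
    size_t i = 0, o = 0;
    *changes = 0;
    while (i < n) {
        if (n - i >= CTRL_LEN && in[i] == 0xFF && in[i + 1] == 0xFF &&
            in[i + 2] == 's' && in[i + 3] == 's') {
            ws->rows   = be16(in + i + 4);
            ws->cols   = be16(in + i + 6);
            ws->xpixel = be16(in + i + 8);
            ws->ypixel = be16(in + i + 10);
            (*changes)++;
            i += CTRL_LEN;          /* consumed: never reaches the pty */
        } else {
            out[o++] = in[i++];     /* ordinary data byte */
        }
    }
    return o;
}

/* Constructed sample: user data (not a resize) that contains the cookie. */
static const unsigned char sample_data[] =
    { 'A', 0xFF, 0xFF, 's', 's', 0x00, 0x18, 0x00, 0x50, 0, 0, 0, 0, 'B' };

int main(void)
{
    unsigned char out[sizeof sample_data];
    struct winsz ws = {0, 0, 0, 0};
    int changes;
    size_t got = rlogin_filter(sample_data, sizeof sample_data, out, &ws, &changes);
    printf("sent %zu bytes, pty got %zu, size now %ux%u\n",
           sizeof sample_data, got, ws.rows, ws.cols);
    return 0;
}
```

Twelve of the fourteen bytes the user meant as data are taken as a resize to 24x80, and only 'A' and 'B' reach the remote program.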
roy@phri.UUCP (Roy Smith) (12/06/88)
rsm@amethyst.ma.arizona.edu (Robert Maier) writes:
> I recently dug into the BSD4.3 versions of rlogin.c and rlogind.c, and
> among other things figured out the (undocumented?) RLOGIN protocol.

How is rlogin broken? Let me count the ways. First off, there is no documentation of the protocol. Some camps claim that the Berkeley folks who wrote it intended it more as a quick hack and a demonstration of what you could do with the 4.2 networking code than as a real product and hence didn't document it; they felt that if they documented it, too many people would start to use it. Unfortunately, it's too late now.

Second, it depends on out-of-band signaling, which itself is completely broken in both 4.2 and 4.3 systems. Not only does it depend on OOB, but as Robert stated, it ALSO uses in-band non-escapable magic cookies to pass some information. The worst of both worlds.

Lastly, it's Unix-specific, depending on rexec (rsh) to work. I suspect it would be very hard to build a rlogin server on a non Unix system.

I have, over the years, made several serious attempts to build my own rlogin client. Every attempt has failed, mostly because OOB doesn't work properly. Or rather, the way it works is poorly documented and even after you figure out exactly what it is doing (i.e. marking BOTH sides of the urgent data mark) it is counter-intuitive and so difficult to program around that it is essentially unusable.

--
Roy Smith, System Administrator
Public Health Research Institute
{allegra,philabs,cmcl2,rutgers}!phri!roy -or- phri!roy@uunet.uu.net
"The connector is the network"