[comp.protocols.misc] flaw in RLOGIN protocol?

rsm@amethyst.ma.arizona.edu (Robert Maier) (12/04/88)

I recently dug into the BSD4.3 versions of rlogin.c and rlogind.c, and
among other things figured out the (undocumented?) RLOGIN protocol.

Once the TCP/IP connection between server and client has been
initialized, it is only used to transfer data.  The control path from
server to client is out-of-band, and supports little more than an
output flush request.

There is one exception to this: the rlogin client may place in the
data stream going to the server a notification that its screen size
has changed.  The client uses the escape sequence "\0377\0377ss",
followed by the new screen size.

So far as I can see, this escape sequence cannot be escaped.  There is
no way of passing "\0377\0377ss" from the client to the server without
the following bytes being interpreted as a new screen size.

Am I missing something here, or does this imply that the RLOGIN
protocol doesn't support a true 8-bit data path?

--
Robert S. Maier
SNAIL: Dept. of Math.; Univ. of Arizona; Tucson, AZ 85721; USA
VOICE: +1 602 621 6893 / +1 602 621 2617
UUCP: ..{allegra,cmcl2,hao!noao}!arizona!amethyst!rsm
BITNET: maier@arizrvax          INTERNET: rsm@amethyst.ma.arizona.edu
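
As an added illustration of the point made above (this is not code from the post, nor from the BSD rlogin sources), the following Python demultiplexer splits a client-to-server rlogin byte stream into shell input and window-size notifications the way a server must. The cookie the post writes as "\0377\0377ss" is the four bytes 0xFF 0xFF 's' 's'; the eight-byte body that follows it (rows, columns, x pixels, y pixels, each a 16-bit big-endian integer) is taken from the BSD rlogind implementation and RFC 1282, not from the post, which only says "the new screen size". The function names and the sample streams are constructed for this example. Feeding it a typed session with a real terminal resize and an 8-bit binary payload that merely happens to contain the same bytes shows that the server cannot tell the two apart, which is exactly why the data path is not 8-bit clean.

```python
import struct

# 0377 0377 's' 's': the in-band window-size cookie described in the post.
MAGIC = b"\xff\xffss"
# Record body after the cookie: rows, cols, x pixels, y pixels as 16-bit
# big-endian integers.  Layout assumed from BSD rlogind / RFC 1282.
RECORD_FMT = "!HHHH"
RECORD_LEN = len(MAGIC) + struct.calcsize(RECORD_FMT)   # 12 bytes


def demux_client_stream(data):
    """Split a client-to-server rlogin stream the way the server does.

    Returns (payload, window_changes, pending):
      payload        - bytes that reach the login shell
      window_changes - list of (rows, cols, xpix, ypix) tuples
      pending        - an incomplete cookie or record at the end of `data`,
                       to be re-presented once more bytes arrive
    """
    payload = bytearray()
    window_changes = []
    i = 0
    while True:
        j = data.find(MAGIC, i)
        if j < 0:
            tail = data[i:]
            # A trailing prefix of the cookie cannot be passed through yet:
            # the next read may complete it.  Check longest prefix first.
            for k in range(len(MAGIC) - 1, 0, -1):
                if tail.endswith(MAGIC[:k]):
                    return bytes(payload + tail[:-k]), window_changes, tail[-k:]
            return bytes(payload + tail), window_changes, b""
        payload += data[i:j]
        if len(data) - j < RECORD_LEN:
            # Cookie seen but the size record is not complete yet.
            return bytes(payload), window_changes, data[j:]
        rows, cols, xpix, ypix = struct.unpack(
            RECORD_FMT, data[j + len(MAGIC):j + RECORD_LEN])
        window_changes.append((rows, cols, xpix, ypix))
        i = j + RECORD_LEN


def passes_unchanged(data):
    """True iff every byte of `data` reaches the shell exactly as sent.

    A stream ending in a partial cookie is reported as not (yet) transparent,
    because the server has to hold those bytes back.
    """
    payload, changes, pending = demux_client_stream(data)
    return payload == data and not changes and not pending


# Constructed sample streams, not captured traffic.
# A user types "ls", resizes the terminal to 24x80, then types "pwd".
TYPED = b"ls\r" + MAGIC + struct.pack(RECORD_FMT, 24, 80, 0, 0) + b"pwd\r"
# An 8-bit binary transfer whose bytes 3..14 happen to equal that record.
BINARY = b"\x01\x02\xff\xffss\x00\x18\x00\x50\x00\x00\x00\x00\x03"

if __name__ == "__main__":
    for name, stream in (("typed", TYPED), ("binary", BINARY)):
        payload, changes, pending = demux_client_stream(stream)
        print(name, payload, changes, pending)
```

Both streams yield the same window-size event, and in the binary case the twelve cookie-and-record bytes never reach the application; there is no escape that would let them through, since the cookie itself has no escaped form.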

roy@phri.UUCP (Roy Smith) (12/06/88)

rsm@amethyst.ma.arizona.edu (Robert Maier) writes:
> I recently dug into the BSD4.3 versions of rlogin.c and rlogind.c, and
> among other things figured out the (undocumented?) RLOGIN protocol.

	How is rlogin broken?  Let me count the ways.  First off, there is
no documentation of the protocol.  Some camps claim that the Berkeley folks
who wrote it intended it more as a quick hack and a demonstration of what
you could do with the 4.2 networking code than as a real product and hence
didn't document it; they felt that if they documented it, too many people
would start to use it.  Unfortunately, it's too late now.

	Second, it depends on out-of-band signaling, which itself is
completely broken in both 4.2 and 4.3 systems.  Not only does it depend on
OOB, but as Robert stated, it ALSO uses in-band non-escapable magic cookies
to pass some information.  The worst of both worlds.

	Lastly, it's Unix-specific, depending on rexec (rsh) to work.  I
suspect it would be very hard to build a rlogin server on a non-Unix
system.  I have, over the years, made several serious attempts to build my
own rlogin client.  Every attempt has failed, mostly because OOB doesn't
work properly.  Or rather, the way it works is poorly documented and even
after you figure out exactly what it is doing (i.e. marking BOTH sides of
the urgent data mark) it is counter-intuitive and so difficult to program
around that it is essentially unusable.
-- 
Roy Smith, System Administrator
Public Health Research Institute
{allegra,philabs,cmcl2,rutgers}!phri!roy -or- phri!roy@uunet.uu.net
"The connector is the network"