Building Apple Open Source Tool


Sandor Szatmari

Mar 5, 2019, 4:43:40 PM
to darwi...@lists.apple.com
I have a need to build rlogin to allow it to connect to a rlogin server accessible on a non-standard specific port.

I downloaded the source to match the OS release running on the host machine (10.11.6) and ran make in the rlogin dir. It built, but fails to run with rcmd: socket: Operation not permitted. It will run and connect if run with sudo, so I’m assuming it’s a permissions issue.

I saw the entitlements.plist containing com.apple.private.network.reserved-port and corresponding codesign line in the makefile.

Can anyone give me any guidance on how to build this properly?

Thanks,
Sandor
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list (Darwi...@lists.apple.com)
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/darwin-dev/darwin-dev-garchive-73044%40googlegroups.com

This email sent to darwin-dev-g...@googlegroups.com

John Francini

Mar 5, 2019, 11:54:57 PM
to Sandor Szatmari, darwi...@lists.apple.com
Is it trying to use a privileged port (i.e., below 1024)? If so, the process must be running as root, which is why it works with sudo.

--
John Francini <fran...@mac.com>
"I have come to the conclusion that one useless man is called a disgrace; that two are called a law firm; and that three or more become a Congress. And by God I have had *this* Congress!" --John Adams


On Mar 5, 2019, at 16:43, Sandor Szatmari <admin.sza...@gmail.com> wrote:

> I have a need to build rlogin to allow it to connect to a rlogin server accessible on a non-standard specific port.
>
> I downloaded the source to match the OS release running on the host machine (10.11.6) and ran make in the rlogin dir. It built, but fails to run with rcmd: socket: Operation not permitted. It will run and connect if run with sudo, so I’m assuming it’s a permissions issue.
>
> I saw the entitlements.plist containing com.apple.private.network.reserved-port and corresponding codesign line in the makefile.
>
> Can anyone give me any guidance on how to build this properly?
>
> Thanks,
> Sandor

Alastair Houghton

Mar 6, 2019, 12:57:45 AM
to Sandor Szatmari, darwi...@lists.apple.com
On 5 Mar 2019, at 21:43, Sandor Szatmari <admin.sza...@gmail.com> wrote:
>
> I have a need to build rlogin to allow it to connect to a rlogin server accessible on a non-standard specific port.

I’m sure you’ve already considered this, but it’s worth having it in the mailing list archives anyway: rlogin is generally not a good idea, and unless there is some overwhelming reason why you can’t use it, ssh or slogin is a much better plan.

If you can replace the use of rlogin, with one of the latter two, it will save you the trouble of building it.

Kind regards,

Alastair.

--
http://alastairs-place.net

Sandor Szatmari

Mar 6, 2019, 7:15:36 AM
to Alastair Houghton, darwi...@lists.apple.com
Alastair,

> On Mar 6, 2019, at 00:57, Alastair Houghton <alas...@alastairs-place.net> wrote:
>
>> On 5 Mar 2019, at 21:43, Sandor Szatmari <admin.sza...@gmail.com> wrote:
>>
>> I have a need to build rlogin to allow it to connect to a rlogin server accessible on a non-standard specific port.
> I’m sure you’ve already considered this, but it’s worth having it in the mailing list archives anyway: rlogin is generally not a good idea, and unless there is some overwhelming reason why you can’t use it, ssh or slogin is a much better plan.

Sage advice, but one of our company’s products supports a system integration (via rlogin) with infrastructure installed decades ago, and is not going away and cannot be changed. One, it’s not in our purview to change this; two, the equipment operates in what is considered a trusted environment, i.e. not my choice, not my design, not in my control. But having had to deal with this over the years has given me great appreciation for the sentiment you convey.


>
> If you can replace the use of rlogin, with one of the latter two, it will save you the trouble of building it.

My goal is to have rlogin connect to a higher randomly selected port, but the rlogin client provided on macOS does not appear to have a flag to specify an alternate port. I want to rebuild the rlogin client with this functionality grafted on. Any and all suggestions are welcome.

Thanks,
Sandor

Sandor Szatmari

Mar 6, 2019, 10:42:55 AM
to Alastair Houghton, darwi...@lists.apple.com
So… one solution, that works, ;) is to chown root:wheel and chmod u+s. This gives the binary the privs it needs. But Apple’s binary in /usr/bin does not employ this solution. I thought maybe I could sign it with my dev cert and go that route. But not sure what/how to configure. If nothing better comes along I can at least do this.

Sandor

Brendan Shanks

Mar 6, 2019, 2:17:00 PM
to Sandor Szatmari, darwi...@lists.apple.com
There are other rlogin clients you could try building. I don’t see built-in support for custom ports in either one, but it might avoid the other issues you’ve been seeing.

- GNU inetutils (https://www.gnu.org/software/inetutils/)
- FreeBSD bsdrcmds (https://github.com/jlehen/bsdrcmds)

Brendan


Sandor Szatmari

Mar 6, 2019, 5:58:41 PM
to Brendan Shanks, darwi...@lists.apple.com
Thanks,

I’ll check them out, maybe their source would be better to modify.

Sandor

Alastair Houghton

Mar 7, 2019, 1:19:06 AM
to Sandor Szatmari, darwi...@lists.apple.com
On 6 Mar 2019, at 15:42, Sandor Szatmari <admin.sza...@gmail.com> wrote:
>
> So… one solution, that works, ;) is to chown root:wheel and chmod u+s. This gives the binary the privs it needs. But Apple’s binary in /usr/bin does not employ this solution. I thought maybe I could sign it with my dev cert and go that route. But not sure what/how to configure. If nothing better comes along I can at least do this.

Apple’s version works by having the entitlement com.apple.private.network.reserved-port, which AFAIK only works if the code signature on the binary belongs to Apple (otherwise it’d be a massive security hole). I think third-party software probably has to run as root in order for rresvport() to work.
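
An added example, not from the thread or from Apple's rlogin source: if a rebuilt client has to be installed set-uid root for the reserved-port bind (the chown/chmod workaround discussed above), this C program confines root to that one step and then gives it up irreversibly before anything else runs. The names `bind_reserved_port` and `drop_privileges` are illustrative, and the 512..1023 scan is hand-rolled here in place of calling rresvport().

```c
/* Added example; function names are illustrative, not from rlogin. */
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a TCP socket to a free local port in 512..1023, scanning downward (the
 * range rresvport() searches). Returns the fd, or -1 if no port was obtained. */
int bind_reserved_port(int *port_out)
{
    struct sockaddr_in sin = { .sin_family = AF_INET };  /* addr 0 = INADDR_ANY */
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    for (int port = 1023; fd >= 0 && port >= 512; port--) {
        sin.sin_port = htons((unsigned short)port);
        if (bind(fd, (struct sockaddr *)&sin, sizeof sin) == 0) {
            *port_out = port;
            return fd;
        }
        if (errno != EADDRINUSE)
            break;              /* e.g. EACCES or EPERM without privilege */
    }
    if (fd >= 0)
        close(fd);
    return -1;
}

/* Permanently return to the invoking user's real ids (group first, then user).
 * Returns 0 on success, -1 if the drop failed or root can still be regained. */
int drop_privileges(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();
    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;
    if (ruid != 0 && setuid(0) == 0)    /* the drop must not be reversible */
        return -1;
    return (geteuid() == ruid && getegid() == rgid) ? 0 : -1;
}

int main(void)
{
    int port = 0, fd = bind_reserved_port(&port);  /* only step needing root */
    if (drop_privileges() != 0)
        return 2;                       /* never continue with root ids */
    printf("fd %d, local port %d, euid %d\n", fd, port, (int)geteuid());
    return fd < 0;
}
```

Run without set-uid root, the bind step fails where the system restricts low ports and the program exits non-zero; the privilege drop is performed either way, so argument parsing, name resolution and the session itself never run with root ids.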

Sandor Szatmari

Mar 7, 2019, 9:06:14 AM
to Alastair Houghton, darwi...@lists.apple.com

> On Mar 7, 2019, at 01:18, Alastair Houghton <alas...@alastairs-place.net> wrote:
>
>> On 6 Mar 2019, at 15:42, Sandor Szatmari <admin.sza...@gmail.com> wrote:
>>
>> So… one solution, that works, ;) is to chown root:wheel and chmod u+s. This gives the binary the privs it needs. But Apple’s binary in /usr/bin does not employ this solution. I thought maybe I could sign it with my dev cert and go that route. But not sure what/how to configure. If nothing better comes along I can at least do this.
>
> Apple’s version works by having the entitlement com.apple.private.network.reserved-port, which AFAIK only works if the code signature on the binary belongs to Apple (otherwise it’d be a massive security hole). I think third-party software probably has to run as root in order for rresvport() to work.

That’s what I was afraid of, but just wasn’t confident enough about to be sure of that conclusion.

Thanks,
Sandor
