From 1013779e740cebcc06bcd14881f8522911fba4b0 Mon Sep 17 00:00:00 2001
From: cinap_lenrek
Date: Thu, 8 Jun 2017 09:08:59 +0200
Subject: [PATCH] stats: get rid of the legacy import fallback

using legacy import is dangerious as it is unencrypted by default, so a man in the middle can force the fallback to import protocol and then take over the connection to the remote machine gaining full access to is.
---
 sys/src/cmd/stats.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/sys/src/cmd/stats.c b/sys/src/cmd/stats.c
index 707169f0f..09ef62c63 100644
--- a/sys/src/cmd/stats.c
+++ b/sys/src/cmd/stats.c
@@ -548,7 +548,6 @@ initmach(Machine *m, char *name)
 int pid;
 snprint(mpt, sizeof mpt, "/n/%s", p);
- snprint(buf, sizeof buf, "rimport %q / %q || import %q / %q", name, mpt, name, mpt);
 pid = fork();
 switch(pid){
@@ -556,7 +555,7 @@ initmach(Machine *m, char *name)
 fprint(2, "can't fork: %r\n");
 return 0;
 case 0:
- execl("/bin/rc", "rc", "-c", buf, nil);
+ execl("/bin/rimport", "rimport", name, "/", mpt, nil);
 fprint(2, "can't exec: %r\n");
 exits("exec");
 }
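Review bot: The reason the `|| import` fallback must not come back is recorded only in the commit message, so the `case 0:` branch in the second hunk should carry it where the next maintainer will see it, for example `/* rimport only: falling back to legacy import lets a man in the middle downgrade to an unencrypted session */` above the `execl` call. Separately, `name` is now passed straight into rimport's argument vector, which removes the dependence on rc quoting, but a machine name beginning with `-` would presumably be read as an option; rejecting such a name before the fork would close that. initmach starts and ends outside both hunks, so how `name` is checked earlier and how the parent reports a failed rimport are not visible here.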