RSH scaling problems...
Donald Becker
becker at scyld.com
Wed Dec 18 12:34:53 PST 2002
The rate-limiting aspect of using 'rsh' has been covered by other
postings, but not the underlying reason...

On Tue, 17 Dec 2002, Jeff Layton wrote:
> Jesse Becker wrote:
> > On Sun, 15 Dec 2002, Mike S Galicki wrote:
> >
> > > I believe the default pty's in 2.4.20 is 1024, but when I list /dev/pty
> > > I only see 256 entries. MAKEDEV -m 1024 didn't seem to do anything past
> > > 256.
> >
> > The default number of ptys is 254 in 2.4.x Linux kernels. This is
> > hardcoded, and you need a kernel recompile if you need more.
>
> The way it was explained to me is that the function rcmd(), which
> is invoked by rsh, attempts to gobble up two ports between 512 and
> 1024.

The key value is IPPORT_RESERVED
  /usr/include/netinet/in.h:    IPPORT_RESERVED = 1024,
This is a well-known constant. Changing the value is almost impossible.

> So, even if you patch the kernel to give you more than 256 ptys,
> you also need to patch rcmd() to use a wider range of ports (at least
> in theory).

It's not nearly as simple as changing the value and recompiling your
local kernel. You must also recompile the applications that depend on 1024,
and edit those that don't use the symbolic names. But who cares about
the local machine -- it's the remote machine that you need to impress
with your credentials! So you have to change the whole world, and
that's not going to happen.

Overall, using 'port < 1024' as a security mechanism is pretty weak.
Single-domain clusters are one of the few cases where it _is_ useful.

--
Donald Becker becker at scyld.com
Scyld Computing Corporation http://www.scyld.com
410 Severn Ave. Suite 210 Scyld Beowulf cluster system
Annapolis MD 21403 410-990-9993
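
Added example, not part of the original post and not taken from any rsh or rshd source: a small C model of the limit discussed in this thread, showing the receiving side's reserved-port test next to the ceiling it imposes on one client host. It assumes, as quoted above, that each rsh session takes two client-side ports from 512..1023; the names peer_port_is_trusted, model_rresvport and max_concurrent_rsh are hypothetical, and the port table is an in-memory stand-in for real sockets.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Receiving-side test in the style of BSD rshd: trust the peer only if its
 * source port lies in [IPPORT_RESERVED/2, IPPORT_RESERVED), i.e. 512..1023. */
bool peer_port_is_trusted(const struct sockaddr_in *peer)
{
    int port = ntohs(peer->sin_port);
    return port >= IPPORT_RESERVED / 2 && port < IPPORT_RESERVED;
}

/* Constructed model of one client host's reserved ports (no real sockets). */
struct port_table { bool in_use[IPPORT_RESERVED]; };

/* Models an rresvport()-style scan: walk down from 1023 to 512 and claim the
 * first free port. Returns the port, or -1 once the range is exhausted. */
int model_rresvport(struct port_table *t)
{
    for (int p = IPPORT_RESERVED - 1; p >= IPPORT_RESERVED / 2; p--)
        if (!t->in_use[p]) { t->in_use[p] = true; return p; }
    return -1;
}

/* Assumption from the thread: each rsh session takes two reserved ports.
 * Returns how many sessions fit before the range runs out. */
int max_concurrent_rsh(struct port_table *t)
{
    int sessions = 0;
    for (;;) {
        int cmd = model_rresvport(t);
        if (cmd < 0) break;
        if (model_rresvport(t) < 0) { t->in_use[cmd] = false; break; }
        sessions++;
    }
    return sessions;
}

int main(void)
{
    struct port_table t;
    memset(&t, 0, sizeof t);
    printf("max concurrent rsh sessions: %d\n", max_concurrent_rsh(&t));
    return 0;
}
```

Marking entries in the table as already in use before calling max_concurrent_rsh shows how other reserved-port users on the same host lower the ceiling further.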