From darrenr@FreeBSD.org  Sun May 27 19:05:36 2012
Return-Path: <darrenr@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 5F95E106564A
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 27 May 2012 19:05:36 +0000 (UTC)
	(envelope-from darrenr@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 4A7228FC0C
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 27 May 2012 19:05:36 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id q4RJ5a2u015632
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 27 May 2012 19:05:36 GMT
	(envelope-from darrenr@freefall.freebsd.org)
Received: (from darrenr@localhost)
	by freefall.freebsd.org (8.14.5/8.14.5/Submit) id q4RJ5a8K015631;
	Sun, 27 May 2012 19:05:36 GMT
	(envelope-from darrenr)
Message-Id: <201205271905.q4RJ5a8K015631@freefall.freebsd.org>
Date: Sun, 27 May 2012 19:05:36 GMT
From: Darren Reed <darrenr@FreeBSD.org>
Reply-To: Darren Reed <darrenr@FreeBSD.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: rcmd(3) recursion when RSH points to rsh
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         168388
>Category:       bin
>Synopsis:       rcmd(3) recursion when RSH points to rsh
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun May 27 19:10:01 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     Darren Reed
>Release:        FreeBSD 9.0-STABLE i386
>Organization:
FreeBSD
>Environment:
System: FreeBSD freefall.freebsd.org 9.0-STABLE FreeBSD 9.0-STABLE #6 r235139: Tue May 8 21:19:03 UTC 2012 simon@freefall.freebsd.org:/usr/obj/usr/src/sys/FREEFALL i386


	
>Description:
In rcmd(3) the environment variable RSH is used to indicate which
program to execute in lieu of rsh itself. The code path present
in rcmd(3) and rcmdsh() will result in continual execution of
rsh if RSH is set to rsh itself. In fact, the RSH environment
variable can only be safely set to a program that does not use
rcmd(3).

What possibly needs to happen here is for rcmd(3) to clear the
RSH environment variable or otherwise make some effort to ensure
that the program it is about to execute is not the same as the
one that is currently executing.
>How-To-Repeat:
export RSH=rsh
rsh localhost who

	
>Fix:

	


>Release-Note:
>Audit-Trail:
>Unformatted:
