stats: get rid of the legacy import fallback

using legacy import is dangerious as it is unencrypted by default,
so a man in the middle can force the fallback to import protocol
and then take over the connection to the remote machine gaining
full access to is.

diff --git a/sys/src/cmd/stats.c b/sys/src/cmd/stats.c
index 707169f0f05fb70cb1223adf4357aaaef18299d9..09ef62c63594da6db99779192fd7a1fd25d4b65a 100644 (file)
--- a/sys/src/cmd/stats.c
+++ b/sys/src/cmd/stats.c
@@ -548,7 +548,6 @@ initmach(Machine *m, char *name)
                int pid;
 
                snprint(mpt, sizeof mpt, "/n/%s", p);
-               snprint(buf, sizeof buf, "rimport %q / %q || import %q / %q", name, mpt, name, mpt);
 
                pid = fork();
                switch(pid){
@@ -556,7 +555,7 @@ initmach(Machine *m, char *name)
                        fprint(2, "can't fork: %r\n");
                        return 0;
                case 0:
-                       execl("/bin/rc", "rc", "-c", buf, nil);
+                       execl("/bin/rimport", "rimport", name, "/", mpt, nil);
                        fprint(2, "can't exec: %r\n");
                        exits("exec");
                }