[51] in bugtraq
R utilities, addresses, etc.
daemon@ATHENA.MIT.EDU (Charles Howes)
Thu Oct 20 06:36:07 1994
Date: Thu, 20 Oct 1994 01:32:07 -0700 (PDT)
From: Charles Howes <chowes@helix.net>
To: bugtraq@fc.net
In-Reply-To: <199410192354.SAA11304@freeside.fc.net>
On Wed, 19 Oct 1994 smb@research.att.com wrote:
> Well, some folks (like us) have put DNS routines into the shared libc,
> so that everything not statically linked uses the DNS without needing
> NIS.
>
> But that's not the real point. The real point of this discussion is
> that Sun has chosen (rightly, in my opinion) to put the cross-check
> into the libraries, rather than the applications. Thus, Sun's rshd
> and rlogind *don't* do the check themselves. If you replace the resolver
> routines with ones that don't do the cross-check, you've opened up a
> great gaping security hole.
On a pretty-close-to-related issue, why can't the r utitiles handle ip
addresses? Seems to be a glaring omission.
--
Charles Howes -- chowes@helix.net
Always tell the truth, then you make it the other bloke's problem!
- Sean Connery, 1971
