[4606] in linux-net channel archive
Re: A SERIOUS security problem!!!!
daemon@ATHENA.MIT.EDU (Alan Cox)
Mon Sep 30 21:31:33 1996
From: alan@lxorguk.ukuu.org.uk (Alan Cox)
To: rlk@tiac.net (Robert L Krawitz)
Date: Mon, 30 Sep 1996 21:34:57 +0100 (BST)
Cc: brian@lantz.com, linux-net@vger.rutgers.edu, torvalds@cs.helsinki.fi
In-Reply-To: <199609301647.MAA09250@sunspot.tiac.net> from "Robert L Krawitz" at Sep 30, 96 12:47:01 pm
> To protect your site NOW, make sure you have a statically linked 'login'
> executable! Do it NOW! Go to sunsite.unc.edu (or any other well stocked
> site), and get a copy of the poeigl-1.39.tar.gz package. On sunsite it is
> in the /pub/Linux/system/Admin/login directory. Edit the Makefile,
> and add '-static' to the LIBS line. Do a 'make' and install AT LEAST the
> 'login' executable.
>
> Eh, how do I know that this binary is kosher?
A statically linked login binary will make some difference. Make sure you have
netkit-0.08 telnetd and you are fine. That avoids all the fun with
environment variables (and some of it is less obvious but as bad).
Alan
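
One way to confirm that an installed 'login' really is statically linked, as the thread advises (an added example, not part of the original messages): a static ELF executable carries no PT_INTERP program header, so the kernel never starts the run-time loader, which is the component that acts on loader-related environment variables. The names uses_dynamic_loader and sample_elf32 are hypothetical, and the sample images are constructed.

```python
import struct

PT_LOAD, PT_INTERP = 1, 3  # PT_INTERP names the run-time loader (ld.so)

def uses_dynamic_loader(image: bytes) -> bool:
    """True if the ELF image asks the kernel to start a dynamic loader."""
    if len(image) < 16 or image[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    try:
        is64 = {1: False, 2: True}[image[4]]   # EI_CLASS: 32- or 64-bit
        end = {1: "<", 2: ">"}[image[5]]       # EI_DATA: byte order
    except KeyError:
        raise ValueError("bad ELF class or byte order") from None
    # Field offsets differ between the ELF32 and ELF64 file headers.
    if is64:
        need, phoff_fmt, phoff_at, size_at = 64, "Q", 32, 54
    else:
        need, phoff_fmt, phoff_at, size_at = 52, "I", 28, 42
    if len(image) < need:
        raise ValueError("truncated ELF header")
    (phoff,) = struct.unpack_from(end + phoff_fmt, image, phoff_at)
    phentsize, phnum = struct.unpack_from(end + "HH", image, size_at)
    for i in range(phnum):
        off = phoff + i * phentsize
        if off + 4 > len(image):
            raise ValueError("program header table runs past end of file")
        (p_type,) = struct.unpack_from(end + "I", image, off)  # p_type is first
        if p_type == PT_INTERP:
            return True
    return False

def sample_elf32(p_types):
    """Constructed image: ELF32 little-endian header plus bare program headers."""
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)
    hdr = struct.pack("<HHIIIIIHHHHHH", 2, 3, 1, 0, 52, 0, 0,
                      52, 32, len(p_types), 0, 0, 0)
    phdrs = b"".join(struct.pack("<I", t) + bytes(28) for t in p_types)
    return ident + hdr + phdrs

if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as f:   # path to the binary to check
        print("dynamic" if uses_dynamic_loader(f.read()) else "static")
```

Run against the installed binary after 'make install'; a result of "static" means no loader is involved when login starts.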