[1094] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

Re: [linux-security] RESOLV_HOST_CONF

daemon@ATHENA.MIT.EDU (David Holland)
Tue Aug 27 12:46:56 1996

From: David Holland <dholland@hcs.HARVARD.EDU>
To: chodges@computek.net (C. Hodges)
Date: Mon, 26 Aug 1996 03:49:14 -0400 (EDT)
Cc: linux-security@tarsier.cv.nrao.edu, linux-alert@tarsier.cv.nrao.edu
In-Reply-To: <2.2.32.19960825193719.0067a9ec@computek.net> from "C. Hodges" at Aug 25, 96 02:37:19 pm

 > >Real Patch isn't really available yet, from what i can see. You can modify
 > 
 > *ahem* for the most part, yes it is... NetKit-B-0.08 has at least ping and
 > others (?) fixed, but for some strange reason, he didn't bother to fix
 > finger tho... :\  

The bug's in the library. The setuid programs in the current netkit
contain a *workaround*. These are not fixes. Fixes are in the works. 

Be sure to update your netkit, though, as it fixes related bugs in
telnetd that have the possibility of being quite serious.

[You can use finger to read any file that you can already read
yourself... <twirls finger>  Every single network tool will exhibit
this "problem".]

 > ftp.linux.org.co.uk:/pub/linux/Networking/base/NetKit-B-0.08.tar.gz
                 ^^

just .org, not .co as well. And the official name is
'ftp.uk.linux.org' now anyway.

 > until a newer one comes out that patches finger, anyway...

Don't hold your breath. :-)

-- 
   - David A. Holland          | Number of words in the English language that
     dholland@hcs.harvard.edu  | exist because of typos or misreadings: 381

home help back first fref pref prev next nref lref last post