[1215] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] telnetd/telnetsnoopd (was Re: libc 5.4.7)

daemon@ATHENA.MIT.EDU (Roscinante)
Sun Oct 13 12:56:59 1996

Date: Sat, 12 Oct 1996 13:42:29 -0400 (EDT)
From: Roscinante <rosc@fbn.globalent.net>
To: Linux-security <linux-security@tarsier.cv.nrao.edu>
In-Reply-To: <199610092121.RAA16061@burgundy.eecs.harvard.edu>


[Rosc]
>  > Are there patches to the original telnet/d at least?

On Wed, 9 Oct 1996, David Holland wrote:
> You need to patch it to block all environment variables except for
> those known to be safe (which is basically limited to a half dozen or
> so you can find in the current telnetd source.)

Ok, I spent the day doing a line-by-line comparison of the old telnetsnoopd &
NetKit's telnetd, and as I said previously, there does not seem to be that
great a difference between them, a paragraph at the bottom of global.c seemed
to be the most significant addition.  If anyone would check over my changes,
I would appreciate it.  I'm uploading it to sunsite, along with the original
telnetsnoopd source (found on the slackware cdrom from InfoMagic June '96)



~~
All that is gold does not glitter..                       .
Not all those who wander are lost..J.R.R.T.         .     /\     .
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~    ._____//  \\_____.
And the knowledge that they fear                 . \\    Rush    // .
is a weapon to be held against them.. N.P.       .   \\  2112  //   .
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~    .  //   /\   \\  .
Ghost in the Machine (wraith@styx.ios.com)        I[[[[[[[[]]]]]]]]I
Roscinante (rosc@fbn.globalent.net)
http://www.globalent.net/users/fbn

home help back first fref pref prev next nref lref last post