[1215] in linux-security and linux-alert archive
[linux-security] telnetd/telnetsnoopd (was Re: libc 5.4.7)
daemon@ATHENA.MIT.EDU (Roscinante)
Sun Oct 13 12:56:59 1996
Date: Sat, 12 Oct 1996 13:42:29 -0400 (EDT)
From: Roscinante <rosc@fbn.globalent.net>
To: Linux-security <linux-security@tarsier.cv.nrao.edu>
In-Reply-To: <199610092121.RAA16061@burgundy.eecs.harvard.edu>
[Rosc]
> > Are there patches to the original telnet/d at least?
On Wed, 9 Oct 1996, David Holland wrote:
> You need to patch it to block all environment variables except for
> those known to be safe (which is basically limited to a half dozen or
> so you can find in the current telnetd source.)
Ok, I spent the day doing a line-by-line comparison of the old telnetsnoopd &
NetKit's telnetd, and as I said previously, there does not seem to be that
great a difference between them, a paragraph at the bottom of global.c seemed
to be the most significant addition. If anyone would check over my changes,
I would appreciate it. I'm uploading it to sunsite, along with the original
telnetsnoopd source (found on the slackware cdrom from InfoMagic June '96)
~~
All that is gold does not glitter.. .
Not all those who wander are lost..J.R.R.T. . /\ .
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ._____// \\_____.
And the knowledge that they fear . \\ Rush // .
is a weapon to be held against them.. N.P. . \\ 2112 // .
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ . // /\ \\ .
Ghost in the Machine (wraith@styx.ios.com) I[[[[[[[[]]]]]]]]I
Roscinante (rosc@fbn.globalent.net)
http://www.globalent.net/users/fbn