[150] in linux-security and linux-alert archive
Re: in.talkd+flash
daemon@ATHENA.MIT.EDU (Panzer Boy)
Mon Mar 13 15:15:41 1995
To: linux-security@tarsier.cv.nrao.edu
From: panzer@dhp.com (Panzer Boy)
Date: 13 Mar 1995 12:48:05 -0500
Reply-To: linux-security@tarsier.cv.nrao.edu
Alan Cox (iialan@iifeak.swan.ac.uk) wrote:
: The sunsite in.talkd with flash protection has a critical error that
: allows arbitary commands to be executed on a machine running it. (It uses
: system to mail complaints and doesnt check for things like ';' in the
: hostname).
: Everyone should fix it or remove it ASAP
ftp://ftp.dhp.com/pub/linux/security/ntalkd.tar.gz
A friend of mine originally created this for a BSD based machine, I made
a few changes to the Makefile, and got it to compile. BSD talkd, modded to
parse all talkd requests through "isprintable". More compiler warnings
than I like, but it works in the end, does anyone want to clean this up?
Here's the relavent code that is added:
for (loop = 0; request->l_name[loop] != '\0'; loop++)
/*if nonprintable chars */
if (isprint(request->l_name[loop]) == 0) {
syslog(LOG_WARNING, "talkd: FLASH detected");
request->l_name[loop]='?';
/* throw it out */
return(FAILED);
}
--
-Matt (panzer@dhp.com) DI-1-9026
"That which can never be enforced should not be prohibited."
