[439] in linux-security and linux-alert archive

telnetd shared lib hole

daemon@ATHENA.MIT.EDU (Jon Lewis)
Sun Nov 5 16:21:32 1995

Date: Wed, 1 Nov 1995 22:22:23 -0500 (EST)
From: Jon Lewis <jlewis@inorganic5.chem.ufl.edu>
To: linux-security@tarsier.cv.nrao.edu

Well...I was silly.  Compiling a static in.telnetd solves nothing.  

I don't quite understand why static telnetd and login binaries still 
appeared to exhibit the hole.

I ended up getting the updated source from a Debian mirror site and
compiled a clean telnetd that does not exhibit the hole.

------------------------------------------------------------------
 Jon Lewis                      |  Mime attachments are OK
 jlewis@inorganic5.chem.ufl.edu |  But please ask before sending 
 http://inorganic5.chem.ufl.edu |  unsolicited huge files.
                                |  
_____Finger jlewis@inorganic5.chem.ufl.edu for PGP public key_____

[Mod: A static in.telnetd won't really fix this; the environment is
passed on to /bin/login which also needs to be static.  I can't figure
out why compiling both programs statically would not fix
things... --Jeff.]
