[450] in linux-security and linux-alert archive
Re: telnetd shared lib hole
daemon@ATHENA.MIT.EDU (Jeff Uphoff)
Mon Nov 6 14:10:30 1995
Date: Mon, 6 Nov 1995 13:48:25 -0500
From: Jeff Uphoff <juphoff@tarsier.cv.nrao.edu>
To: Jon Lewis <jlewis@inorganic5.chem.ufl.edu>
Cc: Aleph One <aleph1@dfw.net>, linux-security@tarsier.cv.nrao.edu
In-Reply-To: Your message of Mon, November 6, 1995 02:11:33 -0500
"JL" == Jon Lewis <jlewis@inorganic5.chem.ufl.edu> writes:
>> > [Mod: A static in.telnetd won't really fix this; the environment is
>> > passed on to /bin/login which also needs to be static.
JL> I think it was mentioned in bugtraq that static login does fix it,
Yes. My use of the word "also" in my note was a poor choice of wording
(it's superfluous); in.telnetd does not need to be static since it is
not using the environment variables that are passed to it for its own
library loading. I knew what I meant, I just didn't word things
correctly--I apologize for any misunderstanding that may have caused.
--Up.
--
Jeff Uphoff - systems/network admin. | juphoff@nrao.edu
National Radio Astronomy Observatory | jeff.uphoff@linux.org
Charlottesville, VA, USA | http://linux.nrao.edu/~juphoff/
