[5026] in bugtraq
Re: your mail
daemon@ATHENA.MIT.EDU (Alan Cox)
Mon Jul 28 12:30:55 1997
Date: Sun, 27 Jul 1997 20:38:36 +0100
Reply-To: Alan Cox <alan@LXORGUK.UKUU.ORG.UK>
From: Alan Cox <alan@LXORGUK.UKUU.ORG.UK>
X-To: dube0866@EUROBRETAGNE.FR
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199707260529.HAA06051@plaguez.insomnia.org> from "Nicolas Dubee"
at Jul 26, 97 07:29:28 am
> Version: all kerneld/request-route versions
Not Linux 2.1.x . We dumped this feature.
> telnet to a host, resulting in a request-route kernel
> message. The /sbin/request-route would then be executed
> and would overwrite the file at the end of the symlink.
>
> Fix:
> ----
>
> rm -rf /sbin/request-route
It should be noted the authors of the networking code have
been trying to get request-route dumped for about two years.
You lose no functionality by dumping request-route and you can
do the same things far better with diald, which has no kernel
support. The security reason wasn't the reason we wanted it dumped
but its another very very good one. "man diald" ;)
Alan
