Date: Wed, 30 May 2001 13:46:48 -0700 (PDT) From: Nick Sayer <nsayer@FreeBSD.org> To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/etc pam.conf src/crypto/telnet/libtelnet pk.c sra.c src/crypto/telnet/telnet telnet.c src/secure/libexec/telnetd Makefile src/secure/usr.bin/telnet Makefile Message-ID: <200105302046.f4UKkmC29518@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
nsayer 2001/05/30 13:46:48 PDT
Modified files: (Branch: RELENG_4)
etc pam.conf
crypto/telnet/libtelnet pk.c sra.c
crypto/telnet/telnet telnet.c
secure/libexec/telnetd Makefile
secure/usr.bin/telnet Makefile
Log:
MFC: Security fixes to SRA telnet:
1. Add PAM support to SRA. Includes adding telnetd to /etc/pam.conf and
-lpam to the secure telnetd/telnet Makefiles.
2. Insist on secure tty before allowing root login. This should be
replaced with a suitable PAM module at some point.
3. Make sure not to overflow the xuser/xpass buffers. Since they were
malloc()ed (check for malloc failure and abort, too, btw) this was
likely not exploitable, but it is best to be safe.
Submitted by: kris
Review timeout: security-officer
Revision Changes Path
1.6.2.6 +4 -1 src/etc/pam.conf
1.2.2.1 +12 -5 src/crypto/telnet/libtelnet/pk.c
1.1.2.4 +189 -11 src/crypto/telnet/libtelnet/sra.c
1.4.2.4 +3 -2 src/crypto/telnet/telnet/telnet.c
1.19.2.1 +3 -2 src/secure/libexec/telnetd/Makefile
1.21.2.1 +2 -2 src/secure/usr.bin/telnet/Makefile
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200105302046.f4UKkmC29518>