Message-ID: <3ACC0E32.2090601@quack.kfu.com>
Date: Wed, 04 Apr 2001 23:18:26 -0700
From: Nick Sayer
To: Assar Westerlund
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/secure/lib/libtelnet Makefile
References: <200104050037.f350b7t89955@freefall.freebsd.org> <3ACC0695.4010603@quack.kfu.com> <5lbsqbuc33.fsf@assaris.sics.se>

Assar Westerlund wrote:

> Nick Sayer writes:
>
>> Assar Westerlund wrote:
>>
>>> assar 2001/04/04 17:37:07 PDT
>>>
>>> Modified files: (Branch: RELENG_4)
>>> secure/lib/libtelnet Makefile
>>> Log:
>>> MFC: 1.19: disable RSA
>>>
>>> Approved by: jkh
>>>
>>> Revision Changes Path
>>> 1.17.2.1 +2 -2 src/secure/lib/libtelnet/Makefile
>>> http://www.freebsd.org/cgi/cvsweb.cgi/src/secure/lib/libtelnet/Makefile.diff?r1=1.17&r2=1.17.2.1
>>
>> 1. It's SRA, not RSA.
>
> Yes, I typoed.
>
>> 2. Why was this necessary? What is so harmful about leaving SRA in? SRA
>> was not the most secure thing in the world, but it's certainly more
>> secure than plaintext.
>
> Because it causes telnet to call telnet_gets for reading the username
> and password and thus not allow C-c, C-] or any of the common
> escapes. This was considered a pain by lots of users on the mailing
> lists (mainly -stable and -current) I think. The right thing is of
> course to make this reading of user input DTRT, but without the time
> to take the right solution I did this to try to keep POLA.

But this "solution" by your own admission doesn't actually solve anything. So you've in fact reduced the security of telnet for everyone for no reason.

And I have not seen the massive volume of complaints about the prompt's behavior either, by the way. I would have thought the first thing you might have done was to bring these complaints to someone most likely to be able to actually _fix_ the problem correctly.

Anyone paying attention might have noticed that when problems have popped up with SRA in the past (telnet -x cores, for instance), I have responded to them in a timely manner. I am sorry that I missed the original commit to -current, or I could have nipped this in the bud.