Date: Thu, 05 Apr 2001 06:21:36 -0700 From: Nick Sayer <nsayer@quack.kfu.com> To: Daniel Eischen <eischen@vigrid.com> Cc: cvs-committers@freebsd.org, cvs-all@freebsd.org Subject: Re: cvs commit: src/secure/lib/libtelnet Makefile Message-ID: <3ACC7160.7060104@quack.kfu.com> References: <Pine.SUN.3.91.1010405071536.26657A-100000@pcnet1.pcnet.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Daniel Eischen wrote: > On Wed, 4 Apr 2001, Nick Sayer wrote: > >> Assar Westerlund wrote: >> >>> Because it causes telnet to call telnet_gets for reading the username >>> and password and thus not allow C-c, C-] or any of the common >>> escapes. This was considered a pain by lots of users on the mailing >>> lists (mainly -stable and -current) I think. The right thing is of >>> course to make this reading of user input DTRT, but without the time >>> to take the right solution I did this to try to keep POLA. >> >> >> But this "solution" by your own admission doesn't actually solve >> anything. So you've in fact reduced the security of telnet for everyone >> for no reason. And I have not seen the massive volume of complaints >> about the prompt's behavior either, by the way. I would have thought the >> first thing you might have done was brought these complaints to someone >> most likely to be able to actually _fix_ the problem correctly. Anyone >> paying attention might have noticed that when problems have popped up >> with SRA in the past (telnet -x cores, for instance), I have responded >> to them in a timely manner. > > > Well, you missed two separate posts from myself to -current about > the problem. Noone responded to these posts. Search for subject > "telnet broken with auto-negotiation of encrypt/decrypt change". Lately I've not followed -current much. But one thing you can do to find out who might be the one to talk to about a piece of functionality is use cvsweb on one of the files in question. Doing so on sra.c would show mine being the only commit that wasn't obviously part of a greater sweep through the code base (albiet from two years ago). Now that y'all have my attention, though, do you have a suggested fix for this? I suspect it will come down to finding where the interrupt character is being disabled and undoing that. It makes no sense to respond to C-] in this context, since you're not escaping from a remote host. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3ACC7160.7060104>