Date: Mon, 28 Dec 1998 23:10:00 -0800 (PST) From: Peter Wemm <peter@netplex.com.au> To: freebsd-bugs@FreeBSD.ORG Subject: Re: bin/9226: telnetd can log wrong IP address to utmp Message-ID: <199812290710.XAA20332@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR bin/9226; it has been noted by GNATS. From: Peter Wemm <peter@netplex.com.au> To: "Jasper O'Malley" <jooji@webnology.com> Cc: freebsd-gnats-submit@freebsd.org Subject: Re: bin/9226: telnetd can log wrong IP address to utmp Date: Tue, 29 Dec 1998 14:58:54 +0800 "Jasper O'Malley" wrote: > On Tue, 29 Dec 1998, Peter Wemm wrote: > > > Without having looked at the code, I suspect telnetd suffers the same > > problem as rlogind/rshd used to (until I fixed them a week or so ago). > > Even with your patch, telnetd will log a forged hostname if it's shorter > > than 16 chars. > > Absolutely true. I've got a patch to make telnetd feed IP addresses > exclusively to "login -h", but I imagine I'd have a harder time getting > that one committed. Yeah.. :-) > > Yes, this is a pest if a machine has just exploded it's named, but I'd > > rather have hostnames/ip addresses in the logs that I can trust. > > I'm not a big fan of denying access for what might be transient DNS > failures...as long as the "validation" involved falling back to logging > the IP address from the socket object, with the *option* of booting people > with mismatched hostname/address pairs, I'm game. Yes. The "right" thing to do is check if the DNS names are consistant. If so, then use them. If not, then use the IP addresses. That's what rshd and rlogind now do. Telnetd has got a 'bugger off' option if there is no DNS name, but that's an option. :-) > > Re: utmp/wtmp format.. We've already changed the username length from 8 > > to 16 chars, which is different to 2.x. We could change the hostname to > > 32 and would then be compatable with BSD/OS's utmp format. > > I once saw a suggestion on a NetBSD mailing list to make ut_host > variable-length (up to MAXHOSTNAMELEN) that I thought was pretty neat. And > the old Linux utaddr field isn't a bad idea, either. I like the ut_addr field, but how big do you make it? 4 bytes? What about a 16 byte IPv6 address? What I'm partial to is a description record at the beginning of a utmp/wtmp file that specifies the field sizes. As long as it's padded to a record length it could probably be done without too much impact. The other option is a utmp.conf file or something. Or even utmp.db if we want to get really twisted. :-) > Cheers, > Mick > > The Reverend Jasper P. O'Malley dotdot:jooji@webnology.com > Systems Administrator ringring:asktheadmiral > Webnology, LLC woowoo:http://www.webnology.com/~jooji > Cheers, -Peter -- Peter Wemm <peter@netplex.com.au> Netplex Consulting "No coffee, No workee!" :-) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199812290710.XAA20332>