Date: Wed, 04 Apr 2001 23:18:26 -0700
From: Nick Sayer <nsayer@quack.kfu.com>
To: Assar Westerlund <assar@FreeBSD.org>
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/secure/lib/libtelnet Makefile
Message-ID: <3ACC0E32.2090601@quack.kfu.com>
References: <200104050037.f350b7t89955@freefall.freebsd.org> <3ACC0695.4010603@quack.kfu.com> <5lbsqbuc33.fsf@assaris.sics.se>

Assar Westerlund wrote:
> Nick Sayer <nsayer@quack.kfu.com> writes:
>
>> Assar Westerlund wrote:
>>
>>> assar 2001/04/04 17:37:07 PDT
>>>
>>> Modified files: (Branch: RELENG_4)
>>> secure/lib/libtelnet Makefile
>>> Log:
>>> MFC: 1.19: disable RSA
>>>
>>> Approved by: jkh
>>>
>>> Revision Changes Path
>>> 1.17.2.1 +2 -2 src/secure/lib/libtelnet/Makefile
>>> http://www.freebsd.org/cgi/cvsweb.cgi/src/secure/lib/libtelnet/Makefile.diff?r1=1.17&r2=1.17.2.1
>>
>> 1. It's SRA, not RSA.
>
> Yes, I typoed.
>
>> 2. Why was this necessary? What is so harmful about leaving SRA in? SRA
>> was not the most secure thing in the world, but it's certainly more
>> secure than plaintext.
>
> Because it causes telnet to call telnet_gets for reading the username
> and password and thus not allow C-c, C-] or any of the common
> escapes. This was considered a pain by lots of users on the mailing
> lists (mainly -stable and -current) I think. The right thing is of
> course to make this reading of user input DTRT, but without the time
> to take the right solution I did this to try to keep POLA.

But this "solution" by your own admission doesn't actually solve anything. So you've in fact reduced the security of telnet for everyone for no reason.

And I have not seen the massive volume of complaints about the prompt's behavior either, by the way. I would have thought the first thing you might have done was brought these complaints to someone most likely to be able to actually _fix_ the problem correctly. Anyone paying attention might have noticed that when problems have popped up with SRA in the past (telnet -x cores, for instance), I have responded to them in a timely manner.

I am sorry that I missed the original commit to -current, or I could have nipped this in the bud.