Date:      Sun, 15 Oct 2000 21:08:45 -0700
From:      Kris Kennaway <kris@citusc.usc.edu>
To:        Will Andrews <will@physics.purdue.edu>
Cc:        audit@FreeBSD.ORG
Subject:   Re: telnetd patch
Message-ID:  <20001015210845.A26381@citusc17.usc.edu>
In-Reply-To: <20001015211134.Y95891@puck.firepipe.net>; from will@physics.purdue.edu on Sun, Oct 15, 2000 at 09:11:34PM -0500
References:  <20001015165612.A17989@citusc17.usc.edu> <20001015211134.Y95891@puck.firepipe.net>

On Sun, Oct 15, 2000 at 09:11:34PM -0500, Will Andrews wrote:

> Since telnet doesn't care about the name of the remote host (unlike
> ssh, where this could be exploited to allow "spoofed" hosts to use root
> via ssh key with a particular configuration), it probably doesn't matter.

The kind of thing I'm worried about is bypassing host-based access
checks and logging incorrect host data since you can make telnetd
think the local machine lives in a domain of your choosing, and it
will query your DNS server to resolve any address information.

> > It makes me uncomfortable only filtering out some environment
> > variables and not filtering them all out and explicitly allowing some
> > back in, but that would probably break too many things. Hopefully we
> > don't screw ourselves later when another privileged environment
> > variable is added to libc.
> 
> Well, I'm not sure what you mean by "privileged environment variables".
> But there could be a standard "allowed environment variables" in libc
> that could be used to determine which privileged ones can be used by an
> app like telnet, and then allowing others it should use.

Things which are normally denied behind issetugid() because they
shouldn't be allowed when running with privileges, but which don't get
caught in programs like telnetd because it's run as root directly, not
run setuid to root (and therefore it's not issetugid()).

> I hope getopt() DTRT, since that's where it gets options from.

telnet protocol options, not command-line options.

Kris
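
Added example, not part of the original message and not FreeBSD's telnetd code: a sketch of the two filtering policies discussed in the thread, showing how a denylist passes a privileged variable it has never heard of while an allowlist drops it. The deny prefixes, the allowed names and `NEW_LIBC_KNOB` are assumptions made up for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed lists for illustration only; not telnetd's actual tables. */
static const char *const deny_prefixes[] = { "LD_", "IFS=", NULL };
static const char *const allow_names[] = { "TERM", "DISPLAY", "USER", NULL };

/* Denylist policy: keep anything that lacks a known-bad prefix. */
int deny_keeps(const char *entry)
{
    for (size_t i = 0; deny_prefixes[i] != NULL; i++)
        if (strncmp(entry, deny_prefixes[i], strlen(deny_prefixes[i])) == 0)
            return 0;
    return 1;
}

/* Allowlist policy: keep only NAME=value entries whose NAME is listed. */
int allow_keeps(const char *entry)
{
    const char *eq = strchr(entry, '=');
    if (eq == NULL || eq == entry)
        return 0; /* no '=' or empty name: drop */
    size_t len = (size_t)(eq - entry);
    for (size_t i = 0; allow_names[i] != NULL; i++)
        if (strlen(allow_names[i]) == len && strncmp(entry, allow_names[i], len) == 0)
            return 1;
    return 0;
}

/* Compact env in place, keeping entries the policy accepts; returns the count. */
size_t filter_env(const char **env, int (*keep)(const char *))
{
    size_t out = 0;
    for (size_t i = 0; env[i] != NULL; i++)
        if (keep(env[i]))
            env[out++] = env[i];
    env[out] = NULL;
    return out;
}

int main(void)
{
    /* Constructed client-supplied environment; NEW_LIBC_KNOB is a made-up
     * stand-in for a privileged variable added to libc after the denylist. */
    const char *a[] = { "TERM=vt100", "LD_PRELOAD=/constructed/x.so", "NEW_LIBC_KNOB=1", NULL };
    const char *b[] = { "TERM=vt100", "LD_PRELOAD=/constructed/x.so", "NEW_LIBC_KNOB=1", NULL };
    printf("denylist keeps %zu, allowlist keeps %zu\n",
           filter_env(a, deny_keeps), filter_env(b, allow_keeps));
    return 0;
}
```

Neither policy depends on issetugid(), which is the point made above: a daemon started as root has to apply its own filter before passing the environment on.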

