bin/22595: telnetd tricked into using arbitrary peer ip (was: telnetd suckage)

From: Brian Somers (brian@Awfulhak.org)
Date: 07/21/01


To: "Richard A. Steenbergen" <ras@e-gerbil.net>
Date: Sat, 21 Jul 2001 14:37:36 +0100
From: Brian Somers <brian@Awfulhak.org>


> On Fri, Jul 20, 2001 at 03:58:09PM -0400, Richard A. Steenbergen wrote:
> > Speaking of telnetd sucking, did anyone ever get around to fixing
> > http://www.freebsd.org/cgi/query-pr.cgi?pr=22595
> >
> > Doesn't look like it.
>
> Do you have any actual suggestions on how to 'make realhostname*()
> not suck', as you have so helpfully suggested as a fix?

I don't understand this PR. What's the problem? realhostname*()
takes the connecting IP, turns it into a name and resolves that name.
If the *original* IP isn't in the list (or if a name couldn't be
found from the IP), it puts the *original* IP in utmp/wtmp. If the
*original* IP is in the list, it uses the name that the IP was turned
into.

The difference between ``w'' and ``w -n'' is whether ``w'' will look
up IP numbers found in utmp. The fact that you're seeing different
answers means that realhostname_sa() stored the IP number in utmp.

The example in the PR means that someone connected from 199.95.76.12.

There's nothing wrong with realhostname_sa() here. Can the
originator please follow up with a better description of what the
perceived problem is please?

> G'luck,
> Peter
>
> --
> This sentence is false.

-- 
Brian <brian@freebsd-services.com>                <brian@Awfulhak.org>
      http://www.freebsd-services.com/        <brian@[uk.]FreeBSD.org>
Don't _EVER_ lose your sense of humour !      <brian@[uk.]OpenBSD.org>
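
The reverse-then-forward check described in the message above, as an added example (not part of the original message and not FreeBSD's libutil code). The lookup tables, addresses and logged_host() are constructed stand-ins for DNS so that it runs offline.

```c
#include <stdio.h>
#include <string.h>

/* Constructed DNS data (not from the PR): PTR records, then A records. */
struct rr { const char *key; const char *val; };
static const struct rr ptr_tab[] = {
    { "192.0.2.10",   "shell.example.org" },   /* PTR agrees with an A record */
    { "198.51.100.7", "trusted.example.org" }, /* PTR names a host it is not */
};
static const struct rr a_tab[] = {
    { "shell.example.org",   "192.0.2.10" },
    { "shell.example.org",   "192.0.2.11" },
    { "trusted.example.org", "203.0.113.5" },
};

/* Reverse lookup: IP -> name, or NULL when there is no PTR record. */
static const char *reverse_lookup(const char *ip) {
    for (size_t i = 0; i < sizeof ptr_tab / sizeof ptr_tab[0]; i++)
        if (strcmp(ptr_tab[i].key, ip) == 0)
            return ptr_tab[i].val;
    return NULL;
}

/* Forward lookup: is ip in the list of addresses that name resolves to? */
static int name_has_addr(const char *name, const char *ip) {
    for (size_t i = 0; i < sizeof a_tab / sizeof a_tab[0]; i++)
        if (strcmp(a_tab[i].key, name) == 0 && strcmp(a_tab[i].val, ip) == 0)
            return 1;
    return 0;
}

/* Writes the string that would go into utmp/wtmp for peer_ip into out.
 * Returns 1 if the name was confirmed, 0 if the original IP was stored. */
int logged_host(const char *peer_ip, char *out, size_t outlen) {
    const char *name = reverse_lookup(peer_ip);
    int ok = name != NULL && name_has_addr(name, peer_ip);
    snprintf(out, outlen, "%s", ok ? name : peer_ip);
    return ok;
}

int main(void) {
    const char *peers[] = { "192.0.2.10", "198.51.100.7", "203.0.113.99" };
    char host[64];
    for (size_t i = 0; i < sizeof peers / sizeof peers[0]; i++) {
        int ok = logged_host(peers[i], host, sizeof host);
        printf("%-13s -> %-18s (%s)\n", peers[i], host, ok ? "name" : "ip");
    }
    return 0;
}
```

Only the first peer is logged by name; the mismatched PTR and the missing PTR both fall back to the numeric address.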