Re: bin/22595: telnetd tricked into using arbitrary peer ip

From: Brian Somers (brian@Awfulhak.org)
Date: 07/23/01 

To: Matt Dillon <dillon@earth.backplane.com>
Date: Mon, 23 Jul 2001 11:12:42 +0100
From: Brian Somers <brian@Awfulhak.org>

> All very nice, guys, but not realistic. Only FreeBSD uses an API.
> Third party programs access the structure directly for the most
> part so adding new fields to the structure will just cause more
> garbage to be written to the file (many third party programs
> don't bother to bzero the structure before writing it out). We
> aren't going to add a separate hostname[] array... we just got
> through ripping out the hostname crap, because there was never
> enough room in the field to actually store the FQDN, and many
> programs don't bother to verify the forward against the
> reverse anyway so the data would be suspect. And short
> of making a 200+ character array to hold it, which would be masive
> bloat, there is no way to fit it in the structure. If you want to store
> host names for posterity you will have to log-process the file and
> store the results somewhere else. Every program under the sun assumes
> utmp is a fixed-length structure.
>
> Pretty much our only option is to extend the size of existing fields
> and take the 'oh hell the structure size changed' hit.

Ok, I agree. I think we should bump UT_HOSTSIZE to 40 then and only
put unscoped addresses in the field (ie, fec0::1, not fec0::1%vr0).

Any disagreements ? Should this be brought up (explained) on -arch
now ?

> i -Matt 

-- 
Brian <brian@freebsd-services.com>                <brian@Awfulhak.org>
      http://www.freebsd-services.com/        <brian@[uk.]FreeBSD.org>
Don't _EVER_ lose your sense of humour !      <brian@[uk.]OpenBSD.org>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Relevant Pages