From owner-freebsd-bugs Mon Dec 28 22:10:14 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id WAA23296 for freebsd-bugs-outgoing; Mon, 28 Dec 1998 22:10:14 -0800 (PST) (envelope-from owner-freebsd-bugs@FreeBSD.ORG) Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id WAA23291 for ; Mon, 28 Dec 1998 22:10:13 -0800 (PST) (envelope-from gnats@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.8.8/8.8.5) id WAA13434; Mon, 28 Dec 1998 22:10:00 -0800 (PST) Date: Mon, 28 Dec 1998 22:10:00 -0800 (PST) Message-Id: <199812290610.WAA13434@freefall.freebsd.org> To: freebsd-bugs@FreeBSD.ORG From: Peter Wemm Subject: Re: bin/9226: telnetd can log wrong IP address to utmp Reply-To: Peter Wemm Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org The following reply was made to PR bin/9226; it has been noted by GNATS. From: Peter Wemm To: "Jasper O'Malley" Cc: FreeBSD-gnats-submit@FreeBSD.ORG, freebsd-bugs@FreeBSD.ORG Subject: Re: bin/9226: telnetd can log wrong IP address to utmp Date: Tue, 29 Dec 1998 14:02:05 +0800 "Jasper O'Malley" wrote: [..] > This will prevent telnetd from passing hostnames longer than UT_HOSTSIZE > on as arguments to "login -h", which is what gets the hostname relooked > up by login(1) in the first place. It doesn't appear this change will > break anything else, but I can't swear to it. > > Better solutions would be to: > > a) Make UT_HOSTSIZE bigger, which would break 4.4BSD utmp compatibility, > which isn't why it hasn't been done yet. > > b) Rewrite/patch login(1), xterm(1), sshd(8) et al. to stop logging > hostnames in utmp altogether (how many people have hostnames less than > 16 characters long these days?). Make other applications do the > reverse lookups later, a la w(1) and netstat(1). Without having looked at the code, I suspect telnetd suffers the same problem as rlogind/rshd used to (until I fixed them a week or so ago). Even with your patch, telnetd will log a forged hostname if it's shorter than 16 chars. What would be better would be to reverse lookup the name and check for validity before passing it on or using it in any logs anywhere. Yes, this is a pest if a machine has just exploded it's named, but I'd rather have hostnames/ip addresses in the logs that I can trust. Re: utmp/wtmp format.. We've already changed the username length from 8 to 16 chars, which is different to 2.x. We could change the hostname to 32 and would then be compatable with BSD/OS's utmp format. However, while there, we should do a couple of other things... in particular, add a ut_pid field (which is damn useful!!) and possibly a couple of other things to ease porting problems (perhaps even a getutent() -like emulation). Cheers, -Peter To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message