From owner-cvs-libexec Mon Aug 15 13:06:32 1994 Return-Path: cvs-libexec-owner Received: (from root@localhost) by freefall.cdrom.com (8.6.8/8.6.6) id NAA20189 for cvs-libexec-outgoing; Mon, 15 Aug 1994 13:06:32 -0700 Received: (from guido@localhost) by freefall.cdrom.com (8.6.8/8.6.6) id WAA20173; Mon, 15 Aug 1994 22:06:18 +0200 Date: Mon, 15 Aug 1994 22:06:18 +0200 From: Guido van Rooij Message-Id: <199408152006.WAA20173@freefall.cdrom.com> To: ache, adam, alm, ats, bde, csgr, cvs-libexec, davidg, dyson, guido, hsu, jkh, jvh, karl, martin, nate, paul, phk, proven, pst, rgrimes, rich, sean, sef, smace, sos, wollman Subject: cvs commit: src/libexec/telnetd sys_term.c Sender: cvs-libexec-owner@freefall.cdrom.com Precedence: bulk guido 94/08/15 22:06:16 Modified: libexec/telnetd sys_term.c Log: Plug already known security hole. (Brought over from 1.1.5): Fixed security problem with telnetd, which allowed telnet -l -hcert.org localhost to change the user's host in utmp. Thanks to Matthew Green for showing me this one. Reviewed by: karl, guido Submitted by: mrgreen@@mame.mu.oz.au