From owner-freebsd-security  Tue Apr  3 16: 2:40 2001
Delivered-To: freebsd-security@freebsd.org
Received: from fw.wintelcom.net (ns1.wintelcom.net [209.1.153.20])
	by hub.freebsd.org (Postfix) with ESMTP id 21F9E37B71E
	for <security@freebsd.org>; Tue,  3 Apr 2001 16:02:38 -0700 (PDT)
	(envelope-from bright@fw.wintelcom.net)
Received: (from bright@localhost)
	by fw.wintelcom.net (8.10.0/8.10.0) id f33N2WY14827;
	Tue, 3 Apr 2001 16:02:32 -0700 (PDT)
Date: Tue, 3 Apr 2001 16:02:32 -0700
From: Alfred Perlstein <bright@wintelcom.net>
To: Roman Shterenzon <roman@xpert.com>
Cc: security@freebsd.org
Subject: Re: 4.3rc2: if=/etc/issue in /etc/gettytab is not respected
Message-ID: <20010403160232.I12164@fw.wintelcom.net>
References: <20010403151111.E12164@fw.wintelcom.net> <Pine.LNX.4.30.0104040038410.12194-100000@jamus.xpert.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <Pine.LNX.4.30.0104040038410.12194-100000@jamus.xpert.com>; from roman@xpert.com on Wed, Apr 04, 2001 at 12:39:54AM +0200
X-all-your-base: are belong to us.
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

* Roman Shterenzon <roman@xpert.com> [010403 15:35] wrote:
> With enough attention and code analysis, that could be made before
> 4.3-RELEASE. There's almost two weeks left, and many people who are
> willing to test it. Me for example :)

There's basically two telnetd's in the source tree.  When you
compile and install the one from src/secure/libexec/telnetd you
get one that doesn't respect the if= directive.  It looks like
it doesn't even respect the other settings, something to do
with the USER environment variable.

I've moved this to the security list in an effort to get this
explained.

Anyone know why this going on?

Basically in "normal" (src/libexec/telnetd.c)
this:
    if (getenv("USER"))
        hostinfo = 0;
is false, but under "crypto" (src/crypto/telnet/telnetd/telnetd.c)
it's true and therefore doesn't display the login info.


-- 
-Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org]
Instead of asking why a piece of software is using "1970s technology,"
start asking why software is ignoring 30 years of accumulated wisdom.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message