Message-Id: <200105302046.f4UKkmC29518@freefall.freebsd.org>
From: Nick Sayer
Date: Wed, 30 May 2001 13:46:48 -0700 (PDT)
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: src/etc pam.conf src/crypto/telnet/libtelnet pk.c sra.c src/crypto/telnet/telnet telnet.c src/secure/libexec/telnetd Makefile src/secure/usr.bin/telnet Makefile
X-FreeBSD-CVS-Branch: RELENG_4

nsayer      2001/05/30 13:46:48 PDT

  Modified files:        (Branch: RELENG_4)
    etc                      pam.conf
    crypto/telnet/libtelnet  pk.c sra.c
    crypto/telnet/telnet     telnet.c
    secure/libexec/telnetd   Makefile
    secure/usr.bin/telnet    Makefile
  Log:
  MFC: Security fixes to SRA telnet:

  1. Add PAM support to SRA. Includes adding telnetd to /etc/pam.conf
     and -lpam to the secure telnetd/telnet Makefiles.

  2. Insist on secure tty before allowing root login. This should be
     replaced with a suitable PAM module at some point.

  3. Make sure not to overflow the xuser/xpass buffers. Since they were
     malloc()ed (check for malloc failure and abort, too, btw) this was
     likely not exploitable, but it is best to be safe.

  Submitted by:   kris
  Review timeout: security-officer

  Revision  Changes    Path
  1.6.2.6   +4 -1      src/etc/pam.conf
  1.2.2.1   +12 -5     src/crypto/telnet/libtelnet/pk.c
  1.1.2.4   +189 -11   src/crypto/telnet/libtelnet/sra.c
  1.4.2.4   +3 -2      src/crypto/telnet/telnet/telnet.c
  1.19.2.1  +3 -2      src/secure/libexec/telnetd/Makefile
  1.21.2.1  +2 -2      src/secure/usr.bin/telnet/Makefile