Date:      Mon, 23 Jul 2001 06:09:35 +0900 (JST)
From:      Hajimu UMEMOTO <ume@mahoroba.org>
To:        ras@e-gerbil.net
Cc:        brian@Awfulhak.org, roam@orbitel.bg, freebsd-security@FreeBSD.org, freebsd-gnats-submit@FreeBSD.org
Subject:   Re: bin/22595: telnetd tricked into using arbitrary peer ip
Message-ID:  <20010723.060935.70171168.ume@mahoroba.org>
In-Reply-To: <Pine.BSF.4.21.0107221637470.53680-100000@overlord.e-gerbil.net>
References:  <20010723.053051.88524825.ume@mahoroba.org> <Pine.BSF.4.21.0107221637470.53680-100000@overlord.e-gerbil.net>

>>>>> On Sun, 22 Jul 2001 16:38:13 -0400 (EDT)
>>>>> "Richard A. Steenbergen" <ras@e-gerbil.net> said:

ras> On Mon, 23 Jul 2001, Hajimu UMEMOTO wrote:

> >>>>> On Sat, 21 Jul 2001 23:34:30 +0100
> >>>>> Brian Somers <brian@Awfulhak.org> said:
> 
> brian> Yes, there is a problem where we've basically trusted a DNS that we 
> brian> don't own -- and that is a risk.  But I can't see why 9.8.7.6 is 
> brian> relevant, *except* that ``w -n'' may be mentioning it.
> 
> brian> Am I misinterpreting things or is the real problem that a forward and 
> brian> reverse DNS can both conspire against you ?  Or is the real problem 
> brian> just ``w''s -n flag ?
> 
> It is a problem of w(1).  `w -n' does a forward lookup for IPv4 only, and
> IPv6 is not supported at all.  When available, login(1) writes the
> hostname into utmp instead of the IP address.  If a hostname is saved, `w
> -n' queries the A RR for the hostname.
> The real problem is that UT_HOSTSIZE is too short to hold an IPv6 address.
> Is there any chance to expand UT_HOSTSIZE in time for 5.0-RELEASE?  It
> apparently breaks binary compatibility.

ras> This is not the problem here, login is writing the false IP to utmp.

I cannot agree with you here.  You did ssh via IPv6.  login(1) cannot
write an IPv6 address into utmp.  In this case, realhostname_sa(3)
returns the hostname.  The cases in which an IP address is saved are:

    - reverse or forward lookup failed,
    - the result of reverse -> forward lookup doesn't match
      the address, or
    - IPv4

Even if an IPv6 address is saved, since it is chopped, it will fail to do
a reverse lookup.

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume@mahoroba.org  ume@bisd.hitachi.co.jp  ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/
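
The following is an added illustration, not part of the original message and not FreeBSD source: it stores a numeric address in a fixed-width host field and reads it back, to show what a chopped IPv6 address looks like to a consumer such as w(1). The 16-byte field width, the helper names and the sample addresses are assumptions made for the example; the message does not give the value of UT_HOSTSIZE.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Assumed width of the host field; the message does not give UT_HOSTSIZE's value. */
#define HOST_FIELD 16

enum stored { STORED_INTACT, STORED_UNPARSEABLE, STORED_DIFFERENT };

/* Hypothetical helper: write an address string into a fixed-width record
 * field, silently chopping whatever does not fit (no NUL if it is full). */
static void store_host(char field[HOST_FIELD], const char *text)
{
    size_t n = strlen(text);
    memset(field, 0, HOST_FIELD);
    memcpy(field, text, n < HOST_FIELD ? n : HOST_FIELD);
}

/* Store the address, read the field back as a consumer would, and report
 * whether it still names the same address. */
enum stored check_stored(int af, const char *text)
{
    unsigned char orig[sizeof(struct in6_addr)], back[sizeof(struct in6_addr)];
    char field[HOST_FIELD], readback[HOST_FIELD + 1];
    size_t len = af == AF_INET6 ? sizeof(struct in6_addr) : sizeof(struct in_addr);

    if (inet_pton(af, text, orig) != 1)
        return STORED_UNPARSEABLE;          /* input was not an address */
    store_host(field, text);
    memcpy(readback, field, HOST_FIELD);
    readback[HOST_FIELD] = '\0';
    if (inet_pton(af, readback, back) != 1)
        return STORED_UNPARSEABLE;          /* chopped text no longer parses */
    return memcmp(orig, back, len) == 0 ? STORED_INTACT : STORED_DIFFERENT;
}

int main(void)
{
    /* Constructed sample addresses from the documentation ranges. */
    const char *v6[] = { "2001:db8::1", "2001:db8:85a3::8a2e:370:7334",
                         "2001:db8:1234:5678:9abc:def0:1234:5678" };
    static const char *names[] = { "intact", "unparseable", "different address" };
    printf("%-40s %s\n", "192.0.2.45", names[check_stored(AF_INET, "192.0.2.45")]);
    for (size_t i = 0; i < sizeof(v6) / sizeof(v6[0]); i++)
        printf("%-40s %s\n", v6[i], names[check_stored(AF_INET6, v6[i])]);
    return 0;
}
```

Any dotted-quad IPv4 address fits the assumed field, while an IPv6 address longer than the field either stops parsing or, when the cut lands just after a `::`, reads back as a different address, so a log reader cannot treat the stored text as the peer's address.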
