Date: Sat, 21 Jul 2001 06:40:02 -0700 (PDT) From: Brian Somers <brian@Awfulhak.org> To: freebsd-bugs@FreeBSD.org Subject: bin/22595: telnetd tricked into using arbitrary peer ip (was: telnetd suckage) Message-ID: <200107211340.f6LDe2L11195@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR bin/22595; it has been noted by GNATS. From: Brian Somers <brian@Awfulhak.org> To: "Richard A. Steenbergen" <ras@e-gerbil.net> Cc: Peter Pentchev <roam@orbitel.bg>, freebsd-security@FreeBSD.org, freebsd-gnats-submit@FreeBSD.org Subject: bin/22595: telnetd tricked into using arbitrary peer ip (was: telnetd suckage) Date: Sat, 21 Jul 2001 14:37:36 +0100 > On Fri, Jul 20, 2001 at 03:58:09PM -0400, Richard A. Steenbergen wrote: > > Speaking of telnetd sucking, did anyone ever get around to fixing > > http://www.freebsd.org/cgi/query-pr.cgi?pr=22595 > > > > Doesn't look like it. > > Do you have any actual suggestions on how to 'make realhostname*() > not suck', as you have so helpfully suggested as a fix? I don't understand this PR. What's the problem ? realhostname*() takes the connecting IP, turns it into a name and resolves that name. If the *original* IP isn't in the list (or if a name couldn't be found from the IP), it puts the *original* ip in utmp/wtmp. If the *original* IP is in the list, it uses the name that the IP was turned into. The difference between ``w'' and ``w -n'' is whether ``w'' will look up IP numbers found in utmp. The fact that you're seeing different answers means that realhostname_sa() stored the IP number in utmp. The example in the PR means that someone connected from 199.95.76.12. There's nothing wrong with realhostname_sa() here. Can the originator please follow up with a better description of what the perceived problem is please ? > G'luck, > Peter > > -- > This sentence is false. -- Brian <brian@freebsd-services.com> <brian@Awfulhak.org> http://www.freebsd-services.com/ <brian@[uk.]FreeBSD.org> Don't _EVER_ lose your sense of humour ! <brian@[uk.]OpenBSD.org> To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200107211340.f6LDe2L11195>