From owner-freebsd-security Sun Jul 22 14:30: 5 2001 Delivered-To: freebsd-security@freebsd.org Received: from ringworld.nanolink.com (discworld.nanolink.com [195.24.48.189]) by hub.freebsd.org (Postfix) with SMTP id 97EFE37B406 for ; Sun, 22 Jul 2001 14:29:58 -0700 (PDT) (envelope-from roam@orbitel.bg) Received: (qmail 3342 invoked by uid 1000); 22 Jul 2001 21:29:12 -0000 Date: Mon, 23 Jul 2001 00:29:12 +0300 From: Peter Pentchev To: Anthony Schneider Cc: Matt Dillon , Hajimu UMEMOTO , brian@Awfulhak.org, ras@e-gerbil.net, freebsd-security@FreeBSD.ORG, freebsd-gnats-submit@FreeBSD.ORG Subject: Re: bin/22595: telnetd tricked into using arbitrary peer ip Message-ID: <20010723002912.H882@ringworld.oblivion.bg> Mail-Followup-To: Anthony Schneider , Matt Dillon , Hajimu UMEMOTO , brian@Awfulhak.org, ras@e-gerbil.net, freebsd-security@FreeBSD.ORG, freebsd-gnats-submit@FreeBSD.ORG References: <200107212234.f6LMYUg79964@hak.lan.Awfulhak.org> <20010723.053051.88524825.ume@mahoroba.org> <200107222117.f6MLHwr11669@earth.backplane.com> <20010722172232.A94306@mail.slc.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010722172232.A94306@mail.slc.edu>; from aschneid@mail.slc.edu on Sun, Jul 22, 2001 at 05:22:32PM -0400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Not really; I'd think that utmp structures hold an ASCII string, not the binary address representation. Thus, the current UT_HOSTSIZE of 16 is quite enough to hold an IPv4 address (4*3 + 3 dots), but not nearly enough for full-blown IPv6 addresses. G'luck, Peter -- If this sentence didn't exist, somebody would have invented it. On Sun, Jul 22, 2001 at 05:22:32PM -0400, Anthony Schneider wrote: > 16 bytes. > > On Sun, Jul 22, 2001 at 02:17:58PM -0700, Matt Dillon wrote: > > > > :It is problem of w(1). `w -n' does forward lookup for IPv4 only and > > :IPv6 is not supported at all. When available, login(1) writes > > :hostname into utmp instead of IP address. If hostname is saved, `w > > :-n' queries A RR for the hostname. > > :Real problem is that UT_HOSTSIZE is too short to hold IPv6 address. > > :Is there any chance to expand UT_HOSTSIZE in time to 5.0-RELEASE. It > > :apparently breaks binary compatibility. > > : > > :-- > > :Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan > > :ume@mahoroba.org ume@bisd.hitachi.co.jp ume@{,jp.}FreeBSD.org > > > > I think if we are going to increase UT_HOSTSIZE, then 5.0 (i.e. now) > > is exactly the right time to do it. How large does UT_HOSTSIZE > > have to be to accomodate an IPV6 address? > > > > -Matt To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message