Date: Thu, 2 Nov 1995 09:33:47 -0500 (EST) From: Charles Owens <owensc@enc.edu> To: questions list FreeBSD <freebsd-questions@freebsd.org> Cc: John Capo <jc@irbs.com> Subject: Re: CERT advisory, telnetd bug -- any progress? Message-ID: <Pine.BSF.3.91.951102092855.6892C-100000@itsdsv1.enc.edu> In-Reply-To: <199511020502.VAA13847@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> From: John Capo <jc@irbs.com>
> Date: Wed, 1 Nov 1995 21:06:24 -0500 (EST)
> Subject: Re: CERT advisory, telnetd bug -- any progress?
>
> Robert N Watson writes:
> >
> > I know there was some discussion going on on freebsd-security (or
> > somewhere) concerning the telnetd patch -- has a formal patch bee
> > released yet, or are 2.0.5R users dead in the water for a bit? (well,
> > rather, sitting ducks in the water.) Could a binary update to telnetd
> > be put up somewhere for us to grab?
> >
>
> Here are patches, one for -stable and one for 1.1.5.1. I don't
> know if either will apply to 2.0.5 but you can see how it is
> implemented. Basically a function is added called scrub_env() and
> it is called at the beginning of start_login().
>
> In lieu of patching telnetd, you can use the setgid scheme in the
> bulletin.
I'm running 2.0.5R so I ftp'd the -stable source for telnetd. I tried to
apply the path that you posted and got this:
Patching file libexec/telnetd/sys_term.c using Plan A...
patch: **** unexpected end of hunk at line 15
Where'd I go wrong?
thanks,
---
-------------------------------------------------------------------------
Charles Owens Email: owensc@enc.edu
"I read somewhere to learn is to
Information Technology Services remember... and I've learned that
Eastern Nazarene College we've all forgot..." - King's X
-------------------------------------------------------------------------
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.91.951102092855.6892C-100000>