From owner-freebsd-questions  Thu Nov  2 06:34:30 1995
Return-Path: owner-questions
Received: (from root@localhost)
          by freefall.freebsd.org (8.6.12/8.6.6) id GAA01653
          for questions-outgoing; Thu, 2 Nov 1995 06:34:30 -0800
Received: from itsdsv1.enc.edu (itsdsv1.enc.edu [199.93.252.241])
          by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id GAA01646
          for <freebsd-questions@freebsd.org>; Thu, 2 Nov 1995 06:34:25 -0800
Received: (from owensc@localhost) by itsdsv1.enc.edu (8.6.11/8.7.2 rev 08/22/95) id JAA07136; Thu, 2 Nov 1995 09:33:47 -0500
Date: Thu, 2 Nov 1995 09:33:47 -0500 (EST)
From: Charles Owens <owensc@enc.edu>
To: questions list FreeBSD <freebsd-questions@freebsd.org>
cc: John Capo <jc@irbs.com>
Subject: Re: CERT advisory, telnetd bug -- any progress?
In-Reply-To: <199511020502.VAA13847@freefall.freebsd.org>
Message-ID: <Pine.BSF.3.91.951102092855.6892C-100000@itsdsv1.enc.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-questions@freebsd.org
Precedence: bulk

> From: John Capo <jc@irbs.com>
> Date: Wed, 1 Nov 1995 21:06:24 -0500 (EST)
> Subject: Re: CERT advisory, telnetd bug -- any progress?
> 
> Robert N Watson writes:
> > 
> > I know there was some discussion going on on freebsd-security (or
> > somewhere) concerning the telnetd patch -- has a formal patch bee
> > released yet, or are 2.0.5R users dead in the water for a bit?  (well,
> > rather, sitting ducks in the water.)  Could a binary update to telnetd
> > be put up somewhere for us to grab?
> > 
> 
> Here are patches, one for -stable and one for 1.1.5.1.  I don't
> know if either will apply to 2.0.5 but you can see how it is
> implemented.  Basically a function is added called scrub_env() and
> it is called at the beginning of start_login().
> 
> In lieu of patching telnetd, you can use the setgid scheme in the
> bulletin.

I'm running 2.0.5R so I ftp'd the -stable source for telnetd.  I tried to 
apply the path that you posted and got this:

	Patching file libexec/telnetd/sys_term.c using Plan A...
	patch: **** unexpected end of hunk at line 15

Where'd I go wrong?

thanks,
---
-------------------------------------------------------------------------
  Charles Owens					 Email:  owensc@enc.edu
                                       "I read somewhere to learn is to
  Information Technology Services     remember... and I've learned that
  Eastern Nazarene College            we've all forgot..."   - King's X
-------------------------------------------------------------------------