From owner-freebsd-security Sun Jul 22 17:18:22 2001
Delivered-To: freebsd-security@freebsd.org
Received: from Awfulhak.org (gw.Awfulhak.org [217.204.245.18])
	by hub.freebsd.org (Postfix) with ESMTP
	id 9AD2137B406; Sun, 22 Jul 2001 17:18:15 -0700 (PDT)
	(envelope-from brian@Awfulhak.org)
Received: from hak.lan.Awfulhak.org (root@hak.lan.Awfulhak.org [172.16.0.12])
	by Awfulhak.org (8.11.4/8.11.4) with ESMTP id f6N0ICI00840;
	Mon, 23 Jul 2001 01:18:13 +0100 (BST)
	(envelope-from brian@lan.Awfulhak.org)
Received: from hak.lan.Awfulhak.org (brian@localhost [127.0.0.1])
	by hak.lan.Awfulhak.org (8.11.4/8.11.4) with ESMTP id f6MNtGg11536;
	Mon, 23 Jul 2001 00:55:16 +0100 (BST)
	(envelope-from brian@hak.lan.Awfulhak.org)
Message-Id: <200107222355.f6MNtGg11536@hak.lan.Awfulhak.org>
X-Mailer: exmh version 2.3.1 01/18/2001 with nmh-1.0.4
To: Matt Dillon
Cc: Hajimu UMEMOTO, aschneid@mail.slc.edu, brian@Awfulhak.org,
	ras@e-gerbil.net, roam@orbitel.bg, freebsd-security@FreeBSD.ORG,
	freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: bin/22595: telnetd tricked into using arbitrary peer ip
In-Reply-To: Message from Matt Dillon of "Sun, 22 Jul 2001 15:57:56 PDT."
	<200107222257.f6MMvuE12313@earth.backplane.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Mon, 23 Jul 2001 00:55:16 +0100
From: Brian Somers
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> :>>>>> On Sun, 22 Jul 2001 17:22:32 -0400
> :>>>>> Anthony Schneider said:
> :
> :aschneid> 16 bytes.
> :
> :It's a binary form.  We need 40 bytes for global address.  To save
> :site-local or link-local address, we need more space for scope
> :identifier.  I believe the length of scope identifier is not defined
> :and system specific.
> :
> :global address:
> :
> :	1234567890123456789012345678901234567890
> :	NNNN:NNNN:NNNN:NNNN:NNNN:NNNN:NNNN:NNNN\n
> :
> :scoped address:
> :
> :	1234567890123456789012345678901234567890
> :	NNNN:NNNN:NNNN:NNNN:NNNN:NNNN:NNNN:NNNN%fxp0\n
> :
> :There is one more consideration.  `:' conflicts with X.  I have no
> :particular idea to solve this problem.  Enclosing IPv6 address with
> :`[' and `]' doesn't help without changing X side.
> :
> :--
> :Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
> :ume@mahoroba.org  ume@bisd.hitachi.co.jp  ume@{,jp.}FreeBSD.org
> :http://www.imasy.org/~ume/
>
>     Ok, it sounds like 56 bytes ought to be sufficient.  This will
>     increase the lastlog structure from 28 bytes to 68 bytes
>     and the utmp/wtmp structure from 44 bytes to 84 bytes.  A
>     buildworld would be necessary to deal with the change and
>     certain ports, such as ftpd, would have to be rebuilt
>     (for those people using them) to avoid corruption.  utmp
>     is one of the few structures in the system which is
>     written out 'manually' by various programs, which is why
>     changing the size of the structure is so nasty.

I think an API should really be introduced if we're going to do
this - there's no point in doing only half the job :-/

I'm no great expert with IPv6, but if the scoping needs to be
recorded here, who can guarantee that the length of the interface
name will fit (remember, interface numbers can easily be something
like 10000 -- think ifconfig gif10000 create, and that's not even
considering the name itself having no limits as far as I'm aware).

Besides, we also need an address family field.  It seems that part
of the problem described in this PR is the fact that running
``login -p hostname blah'' results in login(1) doing a reverse lookup
on hostname - assuming it's IPv4.  w(1) does the same.

>     The issue with X is a separate problem.

The X-style ``machine:screen'' thing doesn't conflict as an IPv6
address will always have at least two ``:''s in it and an X entry
will only ever have one.

> 					-Matt

-- 
Brian
      http://www.freebsd-services.com/
Don't _EVER_ lose your sense of humour !
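
The two points raised in this message, a fixed-size host field that a scoped IPv6 address may not fit and the colon rule for telling an X ``machine:screen'' entry from an IPv6 address, as an added C example that is not code from the thread or from FreeBSD. HOST_FIELD uses the 56-byte figure proposed in the quoted text; the function names and the sample strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: the 56-byte field size proposed in the thread, not a FreeBSD constant. */
#define HOST_FIELD 56

enum host_kind { HOST_OTHER, HOST_X_DISPLAY, HOST_IPV6 };

/* Colon rule from the reply: exactly one ':' is an X "machine:screen"
 * entry, two or more ':' can only be an IPv6 address. */
enum host_kind classify_host(const char *s)
{
    size_t colons = 0;
    for (; *s != '\0'; s++)
        if (*s == ':')
            colons++;
    if (colons >= 2)
        return HOST_IPV6;
    return colons == 1 ? HOST_X_DISPLAY : HOST_OTHER;
}

/* Store src in a fixed, NUL-padded field. Returns 0 on success, or -1 with
 * the field left empty when src does not fit, so a cut-off address is never
 * recorded as if it were the complete peer address. */
int store_host(char field[HOST_FIELD], const char *src)
{
    size_t n = strlen(src);
    memset(field, 0, HOST_FIELD);
    if (n > HOST_FIELD)
        return -1;
    memcpy(field, src, n);  /* utmp-style: no terminating NUL when exactly full */
    return 0;
}

int main(void)
{
    /* Constructed sample values, not taken from any real system. */
    const char *samples[] = {
        "hak:0",
        "fe80:0000:0000:0000:0123:4567:89ab:cdef%gif10000",
        "fe80:0000:0000:0000:0123:4567:89ab:cdef%vlan_constructed_name0",
    };
    char field[HOST_FIELD];
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-64s kind=%d len=%zu stored=%d\n", samples[i],
               (int)classify_host(samples[i]), strlen(samples[i]),
               store_host(field, samples[i]));
    return 0;
}
```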