From owner-freebsd-security  Sat Jul 21  6:37:43 2001
Delivered-To: freebsd-security@freebsd.org
Received: from Awfulhak.org (gw.Awfulhak.org [217.204.245.18])
	by hub.freebsd.org (Postfix) with ESMTP
	id 8D1EE37B403; Sat, 21 Jul 2001 06:37:39 -0700 (PDT)
	(envelope-from brian@Awfulhak.org)
Received: from hak.lan.Awfulhak.org (root@hak.lan.Awfulhak.org [172.16.0.12])
	by Awfulhak.org (8.11.4/8.11.4) with ESMTP id f6LDbbL09467;
	Sat, 21 Jul 2001 14:37:37 +0100 (BST)
	(envelope-from brian@lan.Awfulhak.org)
Received: from hak.lan.Awfulhak.org (brian@localhost [127.0.0.1])
	by hak.lan.Awfulhak.org (8.11.4/8.11.4) with ESMTP id f6LDbag72093;
	Sat, 21 Jul 2001 14:37:36 +0100 (BST)
	(envelope-from brian@hak.lan.Awfulhak.org)
Message-Id: <200107211337.f6LDbag72093@hak.lan.Awfulhak.org>
X-Mailer: exmh version 2.3.1 01/18/2001 with nmh-1.0.4
To: "Richard A. Steenbergen" <ras@e-gerbil.net>
Cc: Peter Pentchev <roam@orbitel.bg>, freebsd-security@FreeBSD.org,
	freebsd-gnats-submit@FreeBSD.org
Subject: bin/22595: telnetd tricked into using arbitrary peer ip (was: telnetd suckage)
In-Reply-To: Message from Peter Pentchev <roam@orbitel.bg> 
   of "Sat, 21 Jul 2001 16:11:08 +0300." <20010721161108.A19430@ringworld.oblivion.bg> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Sat, 21 Jul 2001 14:37:36 +0100
From: Brian Somers <brian@Awfulhak.org>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

> On Fri, Jul 20, 2001 at 03:58:09PM -0400, Richard A. Steenbergen wrote:
> > Speaking of telnetd sucking, did anyone ever get around to fixing
> > http://www.freebsd.org/cgi/query-pr.cgi?pr=22595
> > 
> > Doesn't look like it.
> 
> Do you have any actual suggestions on how to 'make realhostname*()
> not suck', as you have so helpfully suggested as a fix?

I don't understand this PR.  What's the problem ?  realhostname*() 
takes the connecting IP, turns it into a name and resolves that name. 
If the *original* IP isn't in the list (or if a name couldn't be 
found from the IP), it puts the *original* ip in utmp/wtmp.  If the 
*original* IP is in the list, it uses the name that the IP was turned 
into.

The difference between ``w'' and ``w -n'' is whether ``w'' will look 
up IP numbers found in utmp.  The fact that you're seeing different 
answers means that realhostname_sa() stored the IP number in utmp.  

The example in the PR means that someone connected from 199.95.76.12.

There's nothing wrong with realhostname_sa() here.  Can the 
originator please follow up with a better description of what the 
perceived problem is please ?

> G'luck,
> Peter
> 
> -- 
> This sentence is false.

-- 
Brian <brian@freebsd-services.com>                <brian@Awfulhak.org>
      http://www.freebsd-services.com/        <brian@[uk.]FreeBSD.org>
Don't _EVER_ lose your sense of humour !      <brian@[uk.]OpenBSD.org>



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message