From owner-freebsd-security Wed Jul 24 12:55:42 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id MAA11324 for security-outgoing; Wed, 24 Jul 1996 12:55:42 -0700 (PDT)
Received: from orion.webspan.net (root@orion.webspan.net [206.154.70.41]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id MAA11319 for ; Wed, 24 Jul 1996 12:55:39 -0700 (PDT)
Received: from localhost (gpalmer@localhost [127.0.0.1]) by orion.webspan.net (8.7.5/8.6.12) with SMTP id PAA08271; Wed, 24 Jul 1996 15:55:18 -0400 (EDT)
X-Authentication-Warning: orion.webspan.net: Host gpalmer@localhost [127.0.0.1] didn't use HELO protocol
To: Victor Rotanov
cc: freebsd-security@FreeBSD.org
From: "Gary Palmer"
Subject: Re: unofficial rlogin security patch
In-reply-to: Your message of "Wed, 24 Jul 1996 22:47:56 -0000."
Date: Wed, 24 Jul 1996 15:55:18 -0400
Message-ID: <8267.838238118@orion.webspan.net>
Sender: owner-security@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

Victor Rotanov wrote in message ID :
> This will not allow buffer overrun caused by setting TERM environment
> variable to something longer than 1024 bytes.

In that case the patch was backwards (by my reading) ... you were
changing strncpy to strcpy, which is what confused me (sorry, I didn't
have time to check the source).

Gary
--
Gary Palmer                                          FreeBSD Core Team Member
FreeBSD: Turning PC's into workstations. See http://www.FreeBSD.ORG/ for info
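The direction of the change discussed in this message (strcpy replaced by a bounded copy, not the reverse) is shown below as an added example; it is not part of the thread and not the rlogin source. The names `copy_term` and `TERM_BUF` are hypothetical, and the 1024-byte size is taken from the quoted text.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TERM_BUF 1024   /* hypothetical name; size from the quoted message */

/* Bounded copy of a TERM value into dst (dstlen bytes).
 * Returns 0 if it fit, 1 if it was truncated, -1 on bad arguments.
 * An unbounded strcpy(dst, src) here would write past dst whenever
 * strlen(src) >= dstlen. */
int copy_term(char *dst, size_t dstlen, const char *src)
{
    if (dst == NULL || dstlen == 0)
        return -1;
    if (src == NULL) {
        dst[0] = '\0';
        return -1;
    }
    /* strncpy limits the write, but it does not NUL-terminate when the
     * source fills the whole bound, so terminate explicitly. */
    strncpy(dst, src, dstlen - 1);
    dst[dstlen - 1] = '\0';
    return strlen(src) >= dstlen ? 1 : 0;
}

/* Constructed input: a 1999-character value copied into a 1024-byte
 * buffer. Returns the length actually stored (0 if truncation was
 * not reported). */
size_t demo_oversized_len(void)
{
    char big[2000];
    char term[TERM_BUF];

    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    if (copy_term(term, sizeof term, big) != 1)
        return 0;
    return strlen(term);
}

int main(void)
{
    char term[TERM_BUF];
    int rc = copy_term(term, sizeof term, getenv("TERM"));

    printf("TERM copy rc=%d len=%zu\n", rc, strlen(term));
    printf("oversized value stored as %zu bytes\n", demo_oversized_len());
    return 0;
}
```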