Date: Mon, 23 Jul 2001 05:30:51 +0900 (JST) From: Hajimu UMEMOTO <ume@mahoroba.org> To: brian@Awfulhak.org Cc: ras@e-gerbil.net, roam@orbitel.bg, freebsd-security@FreeBSD.org, freebsd-gnats-submit@FreeBSD.org Subject: Re: bin/22595: telnetd tricked into using arbitrary peer ip Message-ID: <20010723.053051.88524825.ume@mahoroba.org> In-Reply-To: <200107212234.f6LMYUg79964@hak.lan.Awfulhak.org> References: <ras@e-gerbil.net> <200107212234.f6LMYUg79964@hak.lan.Awfulhak.org>
next in thread | previous in thread | raw e-mail | index | archive | help
>>>>> On Sat, 21 Jul 2001 23:34:30 +0100
>>>>> Brian Somers <brian@Awfulhak.org> said:
brian> Yes, there is a problem where we've basically trusted a DNS that we
brian> don't own -- and that is a risk. But I can't see why 9.8.7.6 is
brian> relevant, *except* that ``w -n'' may be mentioning it.
brian> Am I misinterpreting things or is the real problem that a forward and
brian> reverse DNS can both conspire against you ? Or is the real problem
brian> just ``w''s -n flag ?
It is problem of w(1). `w -n' does forward lookup for IPv4 only and
IPv6 is not supported at all. When available, login(1) writes
hostname into utmp instead of IP address. If hostname is saved, `w
-n' queries A RR for the hostname.
Real problem is that UT_HOSTSIZE is too short to hold IPv6 address.
Is there any chance to expand UT_HOSTSIZE in time to 5.0-RELEASE. It
apparently breaks binary compatibility.
--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume@mahoroba.org ume@bisd.hitachi.co.jp ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010723.053051.88524825.ume>