From owner-freebsd-security Mon Jul 23 8:59:57 2001
Delivered-To: freebsd-security@freebsd.org
Received: from earth.backplane.com (earth-nat-cw.backplane.com [208.161.114.67])
    by hub.freebsd.org (Postfix) with ESMTP id B2B1037B403;
    Mon, 23 Jul 2001 08:59:52 -0700 (PDT)
    (envelope-from dillon@earth.backplane.com)
Received: (from dillon@localhost)
    by earth.backplane.com (8.11.4/8.11.2) id f6NFxng17095;
    Mon, 23 Jul 2001 08:59:49 -0700 (PDT)
    (envelope-from dillon)
Date: Mon, 23 Jul 2001 08:59:49 -0700 (PDT)
From: Matt Dillon
Message-Id: <200107231559.f6NFxng17095@earth.backplane.com>
To: Brian Somers
Cc: "Jeroen Massar", "'Brian Somers'", "'Hajimu UMEMOTO'",
    aschneid@mail.slc.edu, ras@e-gerbil.net, roam@orbitel.bg,
    freebsd-security@FreeBSD.ORG, freebsd-gnats-submit@FreeBSD.ORG,
    brian@Awfulhak.org
Subject: Re: bin/22595: telnetd tricked into using arbitrary peer ip
References: <200107231012.f6NACgg60192@hak.lan.Awfulhak.org>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

:
:Ok, I agree.  I think we should bump UT_HOSTSIZE to 40 then and only
:put unscoped addresses in the field (ie, fec0::1, not fec0::1%vr0).
:
:Any disagreements ?  Should this be brought up (explained) on -arch
:now ?

    Make it 56, and you've got to put the whole IP address in the field,
    not the short form.  Logs are often processed off-host and the short
    form wouldn't be useful.  And we have to worry about X at some point.
    40 isn't quite big enough.

                                                -Matt

:
:--
:Brian
:      http://www.freebsd-services.com/
:Don't _EVER_ lose your sense of humour !
:
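The field-size question in this thread, as an added example that is not code from the thread or from FreeBSD: it expands an IPv6 literal to its full form, keeps any `%scope` suffix, and checks whether the result fits a host field of the two sizes discussed (40 and 56). The helper names and the assumption that the field holds a NUL-terminated string are hypothetical.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Field sizes proposed in the thread for UT_HOSTSIZE. */
#define HOSTSIZE_40 40
#define HOSTSIZE_56 56

/* Hypothetical helper: write the full (uncompressed) form of an IPv6
 * literal, keeping any "%scope" suffix. Returns the text length, or -1
 * if the literal is invalid or out is too small. */
int ipv6_full_form(const char *literal, char *out, size_t outlen)
{
    char addr[INET6_ADDRSTRLEN];
    struct in6_addr a;
    const char *scope = strchr(literal, '%');
    size_t alen = scope ? (size_t)(scope - literal) : strlen(literal);

    if (alen >= sizeof(addr))
        return -1;
    memcpy(addr, literal, alen);
    addr[alen] = '\0';
    if (inet_pton(AF_INET6, addr, &a) != 1)
        return -1;

    const unsigned char *b = a.s6_addr;
    int n = snprintf(out, outlen,
        "%02x%02x:%02x%02x:%02x%02x:%02x%02x:"
        "%02x%02x:%02x%02x:%02x%02x:%02x%02x%s",
        b[0], b[1], b[2], b[3], b[4], b[5], b[6], b[7],
        b[8], b[9], b[10], b[11], b[12], b[13], b[14], b[15],
        scope ? scope : "");
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}

/* 1 if the full form plus its NUL fits in `size` bytes, 0 if it would be
 * truncated, -1 on invalid input. Assumption: NUL-terminated field. */
int fits_host_field(const char *literal, size_t size)
{
    char full[128];
    int n = ipv6_full_form(literal, full, sizeof(full));
    return n < 0 ? -1 : ((size_t)n + 1 <= size);
}

int main(void)
{
    const char *samples[] = { "fec0::1", "fec0::1%vr0" }; /* from the thread */
    for (size_t i = 0; i < 2; i++)
        printf("%-12s fits40=%d fits56=%d\n", samples[i],
               fits_host_field(samples[i], HOSTSIZE_40),
               fits_host_field(samples[i], HOSTSIZE_56));
    return 0;
}
```

A log writer built on a check like this can reject or flag an entry that does not fit instead of silently truncating it, so off-host log processing never sees two different peers collapsed into the same prefix.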