From owner-freebsd-security Mon Jul 23 9:13:53 2001
Delivered-To: freebsd-security@freebsd.org
Received: from cpimssmtpu06.email.msn.com (cpimssmtpu06.email.msn.com [207.46.181.82])
    by hub.freebsd.org (Postfix) with ESMTP id DD24C37B405;
    Mon, 23 Jul 2001 09:13:46 -0700 (PDT) (envelope-from JHowie@msn.com)
Received: from x86w2kw1 ([216.103.48.12]) by cpimssmtpu06.email.msn.com
    with Microsoft SMTPSVC(5.0.2195.3225); Mon, 23 Jul 2001 09:13:28 -0700
Message-ID: <00e001c11393$37995340$0101a8c0@development.local>
From: "John Howie"
To: "Matt Dillon" , "Garrett Wollman"
Cc: ,
References: <000f01c11315$094851e0$420d640a@HELL><200107230354.f6N3stj13517@earth.backplane.com> <200107231538.f6NFcZl81468@khavrinen.lcs.mit.edu> <200107231557.f6NFvQb17025@earth.backplane.com>
Subject: Re: RE: bin/22595: telnetd tricked into using arbitrary peer ip
Date: Mon, 23 Jul 2001 09:19:14 -0700
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
X-OriginalArrivalTime: 23 Jul 2001 16:13:28.0628 (UTC) FILETIME=[68BA5740:01C11392]
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

This is getting off-topic for security but how about taking utmp and
implementing it as a device? I haven't sat down and thought it all through
but you could reasonably easily check the format of the data written to it
(or at least check the size) to determine how to handle it, and likewise
for the reads. That way you don't have to break your back trying to port
all those third party apps.

A daemon could pick up the processed data and write it to a log. Even
better, have the information validated in the kernel before being logged.

From a security perspective I have never liked the fact that crucial log
files can just be written to by any old app that happens to run in root
context.

john...

----- Original Message -----
From: "Matt Dillon"
To: "Garrett Wollman"
Cc: ;
Sent: Monday, July 23, 2001 8:57 AM
Subject: Re: RE: bin/22595: telnetd tricked into using arbitrary peer ip

>
> :
> :< said:
> :
> :> All very nice, guys, but not realistic. Only FreeBSD uses an API.
> :
> :Erm, no, wrong.
> :
> :SVR4 has an API. This API is standardized as a part of the Austin
> :Group process.
> :
> :-GAWollman
>
> Fine.. then if you want to get all the third party program authors to
> use a magic API, be my guest. Could it be, no... it couldn't...
> all those programs couldn't just not *know* about the 'Austin Group
> process' could they? That's criminal! Oops, oh well so much for
> that!
>
> Even ssh, about the closest third party program to BSD as there ever
> was, doesn't use an API call for lastlog. It does for utmp, sort-of,
> but not for lastlog. Bzzzt.
>
> -Matt
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
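
The size-and-format check proposed in the message above, sketched as an added example (not code from the thread or from FreeBSD). The record layout, field sizes and all names here are assumptions modelled on the classic BSD utmp fields; the check covers record shape only and cannot tell whether the host value is truthful.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical fixed-size record (assumed layout: line, name, host, time). */
struct utmp_rec { char line[8]; char name[16]; char host[16]; int32_t time; };

enum rec_status { REC_OK, REC_BAD_SIZE, REC_BAD_LINE, REC_BAD_NAME, REC_BAD_HOST };

/* A field is accepted when it is printable, non-space ASCII up to the first
 * NUL and every byte after that NUL is also NUL, so nothing can be hidden in
 * the padding. A field may fill its array with no terminator, as utmp allows. */
static int field_ok(const char *f, size_t n, int allow_empty)
{
    size_t i = 0;
    while (i < n && f[i] != '\0') {
        unsigned char c = (unsigned char)f[i];
        if (c < 0x21 || c > 0x7e)
            return 0;               /* control byte, space or non-ASCII */
        i++;
    }
    if (i == 0 && !allow_empty)
        return 0;
    for (; i < n; i++)
        if (f[i] != '\0')
            return 0;               /* data after the terminator */
    return 1;
}

/* Check one write to the hypothetical utmp device: exactly one record, each
 * field well formed. A logout record carries an empty name and host. */
enum rec_status validate_utmp_write(const void *buf, size_t len)
{
    struct utmp_rec r;
    if (len != sizeof r)
        return REC_BAD_SIZE;        /* short, long or multi-record write */
    memcpy(&r, buf, sizeof r);
    if (!field_ok(r.line, sizeof r.line, 0)) return REC_BAD_LINE;
    if (!field_ok(r.name, sizeof r.name, 1)) return REC_BAD_NAME;
    if (!field_ok(r.host, sizeof r.host, 1)) return REC_BAD_HOST;
    return REC_OK;
}

/* Build a constructed sample record for demonstration and testing. */
struct utmp_rec make_rec(const char *line, const char *name, const char *host)
{
    struct utmp_rec r;
    memset(&r, 0, sizeof r);
    strncpy(r.line, line, sizeof r.line);
    strncpy(r.name, name, sizeof r.name);
    strncpy(r.host, host, sizeof r.host);
    return r;
}
```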