Date: Thu, 1 May 1997 18:53:59 -0400 From: mhpower@mit.edu To: bradley@dunn.org Cc: freebsd-security@FreeBSD.ORG Subject: Re: Telnetd problem? Message-ID: <199705012253.SAA06953@charon.MIT.EDU> In-Reply-To: <Pine.BSF.3.96.970501163938.16494E-100000@ns2.harborcom.net>
next in thread | previous in thread | raw e-mail | index | archive | help
>From src/libexec/telnetd/sys_term.c:
...
>sprintf(speed, "%s/%d", (cp = getenv("TERM")) ? cp : "",
...
>This code is identical to the problematic kerberos code ...
The code is also inside "#if defined(LOGIN_R)" "#endif", as it is in
many other variants of this telnetd. I haven't personally seen any
environments in which LOGIN_R is defined at build time, and I suspect
it's not normally defined on FreeBSD systems. There may be some systems
where LOGIN_R is defined, but I think typically the code is not
actually problematic as a consequence of it not actually being compiled.
Matt Power
mhpower@mit.edu
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199705012253.SAA06953>