Date: Mon, 23 Jul 2001 11:12:42 +0100 From: Brian Somers <brian@Awfulhak.org> To: Matt Dillon <dillon@earth.backplane.com> Cc: "Jeroen Massar" <jeroen@unfix.org>, "'Brian Somers'" <brian@Awfulhak.org>, "'Hajimu UMEMOTO'" <ume@mahoroba.org>, aschneid@mail.slc.edu, ras@e-gerbil.net, roam@orbitel.bg, freebsd-security@FreeBSD.ORG, freebsd-gnats-submit@FreeBSD.ORG, brian@Awfulhak.org Subject: Re: bin/22595: telnetd tricked into using arbitrary peer ip Message-ID: <200107231012.f6NACgg60192@hak.lan.Awfulhak.org> In-Reply-To: Message from Matt Dillon <dillon@earth.backplane.com> of "Sun, 22 Jul 2001 20:54:55 PDT." <200107230354.f6N3stj13517@earth.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> All very nice, guys, but not realistic. Only FreeBSD uses an API. > Third party programs access the structure directly for the most > part so adding new fields to the structure will just cause more > garbage to be written to the file (many third party programs > don't bother to bzero the structure before writing it out). We > aren't going to add a separate hostname[] array... we just got > through ripping out the hostname crap, because there was never > enough room in the field to actually store the FQDN, and many > programs don't bother to verify the forward against the > reverse anyway so the data would be suspect. And short > of making a 200+ character array to hold it, which would be masive > bloat, there is no way to fit it in the structure. If you want to store > host names for posterity you will have to log-process the file and > store the results somewhere else. Every program under the sun assumes > utmp is a fixed-length structure. > > Pretty much our only option is to extend the size of existing fields > and take the 'oh hell the structure size changed' hit. Ok, I agree. I think we should bump UT_HOSTSIZE to 40 then and only put unscoped addresses in the field (ie, fec0::1, not fec0::1%vr0). Any disagreements ? Should this be brought up (explained) on -arch now ? > i -Matt -- Brian <brian@freebsd-services.com> <brian@Awfulhak.org> http://www.freebsd-services.com/ <brian@[uk.]FreeBSD.org> Don't _EVER_ lose your sense of humour ! <brian@[uk.]OpenBSD.org> To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200107231012.f6NACgg60192>