Date: Mon, 23 Jul 2001 11:12:42 +0100 From: Brian Somers <brian@Awfulhak.org> To: Matt Dillon <dillon@earth.backplane.com> Cc: "Jeroen Massar" <jeroen@unfix.org>, "'Brian Somers'" <brian@Awfulhak.org>, "'Hajimu UMEMOTO'" <ume@mahoroba.org>, aschneid@mail.slc.edu, ras@e-gerbil.net, roam@orbitel.bg, freebsd-security@FreeBSD.ORG, freebsd-gnats-submit@FreeBSD.ORG, brian@Awfulhak.org Subject: Re: bin/22595: telnetd tricked into using arbitrary peer ip Message-ID: <200107231012.f6NACgg60192@hak.lan.Awfulhak.org> In-Reply-To: Message from Matt Dillon <dillon@earth.backplane.com> of "Sun, 22 Jul 2001 20:54:55 PDT." <200107230354.f6N3stj13517@earth.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> All very nice, guys, but not realistic. Only FreeBSD uses an API.
> Third party programs access the structure directly for the most
> part so adding new fields to the structure will just cause more
> garbage to be written to the file (many third party programs
> don't bother to bzero the structure before writing it out). We
> aren't going to add a separate hostname[] array... we just got
> through ripping out the hostname crap, because there was never
> enough room in the field to actually store the FQDN, and many
> programs don't bother to verify the forward against the
> reverse anyway so the data would be suspect. And short
> of making a 200+ character array to hold it, which would be masive
> bloat, there is no way to fit it in the structure. If you want to store
> host names for posterity you will have to log-process the file and
> store the results somewhere else. Every program under the sun assumes
> utmp is a fixed-length structure.
>
> Pretty much our only option is to extend the size of existing fields
> and take the 'oh hell the structure size changed' hit.
Ok, I agree. I think we should bump UT_HOSTSIZE to 40 then and only
put unscoped addresses in the field (ie, fec0::1, not fec0::1%vr0).
Any disagreements ? Should this be brought up (explained) on -arch
now ?
> i -Matt
--
Brian <brian@freebsd-services.com> <brian@Awfulhak.org>
http://www.freebsd-services.com/ <brian@[uk.]FreeBSD.org>
Don't _EVER_ lose your sense of humour ! <brian@[uk.]OpenBSD.org>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200107231012.f6NACgg60192>
