Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 24 Oct 1995 11:51:27 -0400 (EDT)
From:      Dataradio sysadmin <root@vhf.dataradio.com>
To:        "David A. Borman" <dab@berserkly.cray.com>
Cc:        davidg@Root.COM, hartmans@mit.edu, security@freebsd.org
Subject:   Re: telnetd fix
Message-ID:  <Pine.BSF.3.91.951024114920.28496F-100000@vhf.dataradio.com>
In-Reply-To: <9510241523.AA05306@frenzy.cray.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 24 Oct 1995, David A. Borman wrote:

> 
> >    Hi; I've been thinking about the telnetd security patch that was recently
> > sent out. I've been watching the list of "vulnerable" environment variables
> > grow daily...I really think that excluding certain environment variables is the
> > wrong approach to solving the problem. I think it is is much wiser to do an

[snip]

Have I missed something here?
 
Why not just compile telnetd / login as a statically linked programs, and
voila, no worry about possibly switching libc under their noses. 

-----
Andrew Webster          DATARADIO, Inc.
Network Manager         http://www.dataradio.com
Special Projects        awebster@dataradio.com 




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.91.951024114920.28496F-100000>