Date: Tue, 24 Oct 1995 11:51:27 -0400 (EDT)
From: Dataradio sysadmin <root@vhf.dataradio.com>
To: "David A. Borman" <dab@berserkly.cray.com>
Cc: davidg@Root.COM, hartmans@mit.edu, security@freebsd.org
Subject: Re: telnetd fix
Message-ID: <Pine.BSF.3.91.951024114920.28496F-100000@vhf.dataradio.com>
In-Reply-To: <9510241523.AA05306@frenzy.cray.com>

On Tue, 24 Oct 1995, David A. Borman wrote:

>
> > Hi; I've been thinking about the telnetd security patch that was recently
> > sent out. I've been watching the list of "vulnerable" environment variables
> > grow daily...I really think that excluding certain environment variables is the
> > wrong approach to solving the problem. I think it is much wiser to do an

[snip]

Have I missed something here? Why not just compile telnetd / login as
statically linked programs, and voila, no worry about possibly switching
libc under their noses.

-----
Andrew Webster           DATARADIO, Inc.
Network Manager          http://www.dataradio.com
Special Projects         awebster@dataradio.com

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.91.951024114920.28496F-100000>