Date: Sun, 22 Jul 2001 16:38:13 -0400 (EDT)
From: "Richard A. Steenbergen" <ras@e-gerbil.net>
To: Hajimu UMEMOTO <ume@mahoroba.org>
Cc: brian@Awfulhak.org, roam@orbitel.bg, freebsd-security@FreeBSD.org, freebsd-gnats-submit@FreeBSD.org
Subject: Re: bin/22595: telnetd tricked into using arbitrary peer ip
Message-ID: <Pine.BSF.4.21.0107221637470.53680-100000@overlord.e-gerbil.net>
In-Reply-To: <20010723.053051.88524825.ume@mahoroba.org>

On Mon, 23 Jul 2001, Hajimu UMEMOTO wrote:

> >>>>> On Sat, 21 Jul 2001 23:34:30 +0100
> >>>>> Brian Somers <brian@Awfulhak.org> said:
>
> brian> Yes, there is a problem where we've basically trusted a DNS that we
> brian> don't own -- and that is a risk.  But I can't see why 9.8.7.6 is
> brian> relevant, *except* that ``w -n'' may be mentioning it.
>
> brian> Am I misinterpreting things or is the real problem that a forward and
> brian> reverse DNS can both conspire against you ?  Or is the real problem
> brian> just ``w''s -n flag ?
>
> It is problem of w(1).  `w -n' does forward lookup for IPv4 only and
> IPv6 is not supported at all.  When available, login(1) writes
> hostname into utmp instead of IP address.  If hostname is saved, `w
> -n' queries A RR for the hostname.
> Real problem is that UT_HOSTSIZE is too short to hold IPv6 address.
> Is there any chance to expand UT_HOSTSIZE in time to 5.0-RELEASE.  It
> apparently breaks binary compatibility.

This is not the problem here, login is writing the false IP to utmp.

-- 
Richard A Steenbergen <ras@e-gerbil.net>       http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177  (67 29 D7 BC E8 18 3E DA  B2 46 B3 D8 14 36 FE B6)

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message