Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1995_4

Bugtraq archives for 4th quarter (Oct-Dec) 1995: Re: a point is being missed

Re: a point is being missed

Casper Dik (casperHolland.Sun.COM)
Sat, 4 Nov 1995 19:51:39 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Casper Dik: "Re: SunOS syslog() fix, finally..."
Previous message: Sam Hartman: "Re: Telnet attack on SGI"
In reply to: *Hobbit*: "a point is being missed"
Next in thread: Doug Hughes: "Re: a point is being missed"

>Why in all this telnetd flap has nobody mentioned that /bin/login should
>be relinked STATICALLY?  That at least defers the LD_* class of problem
>until after login has done the setuid and exec, but still leaves things
>like IFS passed to scripts.


Unfortunately, we can't do that.

Too much *requires* static dynamic linking, and in future even more
will be required. (Pluggable Authentication Modules)

BTW, login does filter other bad variables such as PATH, IFS and SHELL.

Casper

Next message: Casper Dik: "Re: SunOS syslog() fix, finally..."
Previous message: Sam Hartman: "Re: Telnet attack on SGI"
In reply to: *Hobbit*: "a point is being missed"
Next in thread: Doug Hughes: "Re: a point is being missed"