Bugtraq mailing list archives
R utilities, addresses, etc.
From: chowes () helix net (Charles Howes)
Date: Thu, 20 Oct 1994 01:32:07 -0700 (PDT)
On Wed, 19 Oct 1994 smb () research att com wrote:
Well, some folks (like us) have put DNS routines into the shared libc, so that everything not statically linked uses the DNS without needing NIS. But that's not the real point. The real point of this discussion is that Sun has chosen (rightly, in my opinion) to put the cross-check into the libraries, rather than the applications. Thus, Sun's rshd and rlogind *don't* do the check themselves. If you replace the resolver routines with ones that don't do the cross-check, you've opened up a great gaping security hole.
On a pretty-close-to-related issue, why can't the r utitiles handle ip addresses? Seems to be a glaring omission. -- Charles Howes -- chowes () helix net Always tell the truth, then you make it the other bloke's problem! - Sean Connery, 1971
Current thread:
- Re: Internet Worm, (continued)
- Re: Internet Worm jim () Tadpole COM (Oct 18)
- Re: Internet Worm Icarus Sparry (Oct 18)
- Re: Internet Worm F. L. Charles Seeger III (Oct 18)
- Re: Internet Worm jim () Tadpole COM (Oct 18)
- Re: Internet Worm F. L. Charles Seeger III (Oct 19)
- Re: Internet Worm Darragh Nagle (Oct 19)
- Re: Internet Worm Gene Spafford (Oct 19)
- Re: Internet Worm jim () Tadpole COM (Oct 19)
- Re: Internet Worm F. L. Charles Seeger III (Oct 20)
- Re: Internet Worm smb () research att com (Oct 19)
- R utilities, addresses, etc. Charles Howes (Oct 20)
- Re: R utilities, addresses, etc. Alexander L. Haiut (Oct 20)
- Re: R utilities, addresses, etc. Charles Howes (Oct 21)
- Fingerd Summary Adam Shostack (Oct 20)
- Re: Fingerd Summary Stephen Gildea (Oct 21)
- Re: Fingerd Summary Adam Shostack (Oct 21)
- Re: Fingerd Summary KevinTX (Oct 21)
- R utilities, addresses, etc. Charles Howes (Oct 20)
- Re: Internet Worm jim () Tadpole COM (Oct 18)
- access(2)--a security hole? Jonathan M. Bresler (Oct 20)
- Re: access(2)--a security hole? Justin Mason (Oct 21)
- Re: access(2)--a security hole? Dave Goldberg (Oct 21)
- Re: access(2)--a security hole? Karl Strickland (Oct 21)