Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

R utilities, addresses, etc.

From: chowes () helix net (Charles Howes)
Date: Thu, 20 Oct 1994 01:32:07 -0700 (PDT)

On Wed, 19 Oct 1994 smb () research att com wrote:


Well, some folks (like us) have put DNS routines into the shared libc,
so that everything not statically linked uses the DNS without needing
NIS.

But that's not the real point.  The real point of this discussion is 
that Sun has chosen (rightly, in my opinion) to put the cross-check
into the libraries, rather than the applications.  Thus, Sun's rshd
and rlogind *don't* do the check themselves.  If you replace the resolver
routines with ones that don't do the cross-check, you've opened up a
great gaping security hole.


On a pretty-close-to-related issue, why can't the r utitiles handle ip
addresses?  Seems to be a glaring omission.
--
Charles Howes -- chowes () helix net
 Always tell the truth, then you make it the other bloke's problem! 
 - Sean Connery, 1971
Previous By Date Next
Previous By Thread Next

Current thread: