Re: [linux-security] Linux NetKit-B update.

[leendert () cs vu nl (Leendert van Doorn)]

A small historical correction:

# >> 6. Buffer overflow in ping mentioned yesterday, but it's not on the
# >> stack and consequently probably not exploitable. Patch: use snprintf.
# >
# >Stack vs. heap is irrelevant.  The V6 'login' overrun bug was in data
# >space, rather than on the stack, and it gave a very nice way to log in
# >as root.

... deleted ...

# >No, I don't remember the exact character string to enter ...    ;-)
#
# I'm pretty sure it was something like "password<encrypted password string>"
#
# Casper

It was 6th edition su program which exhibited this behavior.

6th edition login is very careful in checking its 8 byte limit for
passwords and login names.

        Leendert

P.s. Finally my quest to restore *old* tapes pays off :-)