Bugtraq mailing list archives
Re: tcpd -DPARANOID doesn't work, and never did
From: chip () PRINCETONTELE COM (Chip Christian)
Date: Tue, 10 Nov 1998 10:19:39 -0500
wietse () PORCUPINE ORG said:
(4) some other application, not tcpd, does address->name lookup and uses the result for "authentication" purposes.
A number of years back, smb pointed out the folly of r_cmds.c using #4 alone for authentication, so, having the source for SunOS, we were able to patch in #1-2 long before Sun got around to it. I hope that nobody ships code like that anymore. This had nothing to do with TTL, of course. And rshd that uses 1+2 should also not be vulnerable to a TTL attack. Cache poisoning was also pointed out and fixed probably as many years ago, also thanks to smb, if I recall correctly.
(1) tcpd does address->name lookup, to find out the client hostname.
(2) tcpd does name->address lookup, to find out the client address list.
(3) if there is a discrepancy, tcpd drops the connection.
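
The difference between case (4) and steps (1)-(3) in the message above, as an added example that is not part of the original post and is not tcpd's or rshd's code. The function names, the trusted-host set and the PTR/A tables are assumptions constructed for illustration; both checks take the resolver's answers at face value, and addresses are compared as text (adequate for IPv4).

```python
import socket

def system_reverse(addr):
    """address->name through the system resolver; None when there is no name."""
    try:
        return socket.gethostbyaddr(addr)[0]
    except OSError:  # socket.herror and socket.gaierror are OSError subclasses
        return None

def system_forward(name):
    """name->address list through the system resolver; empty set on failure."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def _norm(name):
    return name.lower().rstrip(".")

def name_only_check(addr, trusted, reverse=system_reverse):
    """Case (4): believe whatever name the address->name lookup returns."""
    name = reverse(addr)
    return name is not None and _norm(name) in trusted

def paranoid_check(addr, trusted, reverse=system_reverse, forward=system_forward):
    """Steps (1)-(3): use the name only if it maps back to the peer address."""
    name = reverse(addr)            # (1) address->name
    if name is None:
        return False
    if addr not in forward(name):   # (2) name->address list, (3) discrepancy: drop
        return False
    return _norm(name) in trusted

# Constructed sample data (documentation address ranges). The second PTR record
# stands for a reverse zone whose owner publishes a name that is not theirs.
PTR = {"192.0.2.10": "trusted.example.com", "203.0.113.66": "trusted.example.com"}
A = {"trusted.example.com": {"192.0.2.10"}}

def fake_reverse(addr):
    return PTR.get(addr)

def fake_forward(name):
    return A.get(_norm(name), set())

if __name__ == "__main__":
    hosts = {"trusted.example.com"}
    for peer in PTR:
        print(peer, name_only_check(peer, hosts, fake_reverse),
              paranoid_check(peer, hosts, fake_reverse, fake_forward))
```
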