Bugtraq mailing list archives
Re: a point is being missed
From: casper () Holland Sun COM (Casper Dik)
Date: Sat, 4 Nov 1995 19:51:39 +0100
Why in all this telnetd flap has nobody mentioned that /bin/login should be relinked STATICALLY? That at least defers the LD_* class of problem until after login has done the setuid and exec, but still leaves things like IFS passed to scripts.
Unfortunately, we can't do that. Too much *requires* static dynamic linking, and in future even more will be required. (Pluggable Authentication Modules) BTW, login does filter other bad variables such as PATH, IFS and SHELL. Casper
Current thread:
- Re: Telnet attack on SGI, (continued)
- Re: Telnet attack on SGI Adam Shostack (Nov 02)
- Does the shared lib bug work on any suid program ? Bernd Lehle (Nov 03)
- Re: Does the shared lib bug work on any suid program ? Fred Blonder (Nov 03)
- Re: Does the shared lib bug work on any suid program ? John Capo (Nov 03)
- Re: Does the shared lib bug work on any suid program ? Justin Mason (Nov 06)
- a point is being missed *Hobbit* (Nov 03)
- Re: a point is being missed Scott Barman (Nov 03)
- Re: a point is being missed John Stewart (Nov 03)
- Re: a point is being missed Douglas Siebert (Nov 03)
- Re: a point is being missed Richard Todd (Nov 04)
- Re: a point is being missed Casper Dik (Nov 04)
- Re: Telnet attack on SGI Edwin Kremer (Nov 09)
- Re: Telnet attack on SGI Edwin Kremer (Nov 10)
- Re: Telnet attack on SGI Sam Hartman (Nov 01)
- Re: Telnet attack on SGI Casper Dik (Nov 06)
- Re: Telnet attack on SGI Adrian (Nov 03)
- Re: Telnet attack on SGI Sam Hartman (Nov 03)
- Re: Telnet attack on SGI Michael/Miguel Sanchez (Nov 09)
- Re: Telnet attack on SGI Michael/Miguel Sanchez (Nov 10)