List: best-of-security
Subject: BoS: Wide spread resolv+ bugs
From: Julian Assange <proff () suburbia ! net>
Date: 1996-08-14 23:28:05

Alan Cox intimated on bugtraq that he has found some bugs in resolv+.
The bugs have been about for years and concern the passing of
environmental variables to resolv+ code (which is normally called by
ping, rlogin, rsh, ssh etc). Since it looks like the cat is about to
leap from the bag, I think I had better explain. Resolv+ is a library,
often incorporated with libc, but sometimes standalone (e.g. -lresolv).
It contains gethostbyname()/gethostbyaddr() as well as other DNS
functions. As an example of the wonders of resolv+:

    $ export RESOLV_HOST_CONF=/etc/shadow
    $ rlogin thepopeneverlikedbadgersanywaymate

Linux is prone to this. Solaris/SunOS does not appear to be. FreeBSD is
not. But that's OK, they make up for it with NLS/Locale, which is a far, far
bigger problem.

--
"Of all tyrannies a tyranny sincerely exercised for the good of its victims
may be the most oppressive. It may be better to live under robber barons
than under omnipotent moral busybodies. The robber baron's cruelty may
sometimes sleep, his cupidity may at some point be satiated; but those who
torment us for our own good will torment us without end, for they do so with
the approval of their own conscience." - C.S. Lewis, _God in the Dock_
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO | PO Box 2031 BARKER | Secret Analytic Guy Union |
|proff@suburbia.net | VIC 3122 AUSTRALIA | finger for PGP key hash ID = |
|proff@gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+
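
Added example, not part of the original post and not resolv+ source: one way a resolver library can refuse the RESOLV_HOST_CONF override when its caller runs with more privilege than the invoking user. The function names and the /etc/host.conf default are assumptions made for illustration, as is the premise that callers such as rlogin or ping are installed set-uid.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Assumed compiled-in default location of the resolver configuration. */
#define DEFAULT_HOST_CONF "/etc/host.conf"

/* Nonzero when the real and effective IDs differ, i.e. the process is a
 * set-uid or set-gid program running on behalf of a less privileged user. */
int running_privileged(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* Policy, kept separate from the environment so it can be tested without
 * a set-uid binary.  env_value is whatever RESOLV_HOST_CONF held (or NULL).
 * A privileged process never follows an invoker-supplied path, because the
 * file would be opened with the program's privileges, not the user's. */
const char *choose_host_conf(const char *env_value, int privileged)
{
    if (env_value == NULL || env_value[0] == '\0')
        return DEFAULT_HOST_CONF;   /* no override requested */
    if (privileged)
        return DEFAULT_HOST_CONF;   /* override ignored under set-uid/set-gid */
    return env_value;               /* ordinary user, ordinary privileges */
}

/* What the library would call before opening its configuration file. */
const char *host_conf_path(void)
{
    return choose_host_conf(getenv("RESOLV_HOST_CONF"), running_privileged());
}

int main(void)
{
    printf("resolver config: %s\n", host_conf_path());
    return 0;
}
```

On glibc, secure_getenv() applies the same rule to a single lookup and can replace the getenv() call here.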