Bugtraq: R utilities, addresses, etc.

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

R utilities, addresses, etc.

From: chowes () helix net (Charles Howes)
Date: Thu, 20 Oct 1994 01:32:07 -0700 (PDT)


On Wed, 19 Oct 1994 smb () research att com wrote:

Well, some folks (like us) have put DNS routines into the shared libc,
so that everything not statically linked uses the DNS without needing
NIS.

But that's not the real point.  The real point of this discussion is 
that Sun has chosen (rightly, in my opinion) to put the cross-check
into the libraries, rather than the applications.  Thus, Sun's rshd
and rlogind *don't* do the check themselves.  If you replace the resolver
routines with ones that don't do the cross-check, you've opened up a
great gaping security hole.


On a pretty-close-to-related issue, why can't the r utitiles handle ip
addresses?  Seems to be a glaring omission.
--
Charles Howes -- chowes () helix net
 Always tell the truth, then you make it the other bloke's problem! 
 - Sean Connery, 1971

By Date By Thread

Current thread:

Re: Internet Worm, (continued)
- Re: Internet Worm Darragh Nagle (Oct 19)
  - Re: Internet Worm Gene Spafford (Oct 19)
- Re: Internet Worm jim () Tadpole COM (Oct 19)
  - Re: Internet Worm F. L. Charles Seeger III (Oct 20)
- Re: Internet Worm smb () research att com (Oct 19)
  - R utilities, addresses, etc. Charles Howes (Oct 20)
    - Re: R utilities, addresses, etc. Alexander L. Haiut (Oct 20)
    - Re: R utilities, addresses, etc. Charles Howes (Oct 21)
    - Fingerd Summary Adam Shostack (Oct 20)
    - Re: Fingerd Summary Stephen Gildea (Oct 21)
    - Re: Fingerd Summary Adam Shostack (Oct 21)