Bugtraq mailing list archives

Re: a point is being missed
From: casper () Holland Sun COM (Casper Dik)
Date: Sat, 4 Nov 1995 19:51:39 +0100


Why in all this telnetd flap has nobody mentioned that /bin/login should
be relinked STATICALLY?  That at least defers the LD_* class of problem
until after login has done the setuid and exec, but still leaves things
like IFS passed to scripts.


Unfortunately, we can't do that.

Too much *requires* static dynamic linking, and in future even more
will be required. (Pluggable Authentication Modules)

BTW, login does filter other bad variables such as PATH, IFS and SHELL.

Casper
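
The kind of environment filtering discussed in this message, sketched as an added example; it is not from the original post and not taken from any login or telnetd source. The denylist (the LD_ prefix plus IFS, PATH and SHELL, the names mentioned in the thread) and the function names env_is_unsafe and scrub_env are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed denylist, built from the variables named in the thread. */
static const char *const bad_prefix[] = { "LD_", NULL };
static const char *const bad_exact[]  = { "IFS", "PATH", "SHELL", NULL };

/* Return 1 if the "NAME=value" entry must not be passed on. */
static int env_is_unsafe(const char *entry)
{
    const char *eq = strchr(entry, '=');
    size_t n;
    int i;

    if (eq == NULL || eq == entry)
        return 1;                      /* malformed entry: drop it */
    n = (size_t)(eq - entry);          /* length of NAME only */
    for (i = 0; bad_prefix[i] != NULL; i++)
        if (strncmp(entry, bad_prefix[i], strlen(bad_prefix[i])) == 0)
            return 1;
    for (i = 0; bad_exact[i] != NULL; i++)
        if (strlen(bad_exact[i]) == n && strncmp(entry, bad_exact[i], n) == 0)
            return 1;                  /* exact match, so SHELLY is kept */
    return 0;
}

/* Compact envp in place, keeping only safe entries; returns how many remain. */
static int scrub_env(char **envp)
{
    int in, out = 0;
    for (in = 0; envp[in] != NULL; in++)
        if (!env_is_unsafe(envp[in]))
            envp[out++] = envp[in];
    envp[out] = NULL;
    return out;
}

int main(void)
{
    /* Constructed sample environment, as a remote client might supply it. */
    char *env[] = { "TERM=vt100", "LD_LIBRARY_PATH=/tmp", "IFS=/",
                    "PATH=.:/bin", "SHELLY=ok", "DISPLAY=host:0", NULL };
    int kept = scrub_env(env), i;
    for (i = 0; i < kept; i++)
        puts(env[i]);
    return 0;
}
```

A denylist only covers the names it knows about; passing through a short allowlist of variables is the more robust design.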


