Commit Graph

17 Commits

Author SHA1 Message Date
Brian Somers
9e9a43bdec Ensure that things returned by gethostname() and
friends are terminated and allow for a maximum
host name length of MAXHOSTNAMELEN - 1.
Put parenthesis around sizeof args.
Make some variables static.
Fix telnetd -u (broken by my last commit)

Prompted by: bde
1999-04-07 08:27:45 +00:00
Brian Somers
32af26a501 Use realhostname() rather than various combinations of
gethostbyaddr() & gethostbyname().

Remove brokeness in ftpd for hosts of MAXHOSTNAMELEN length.
1999-04-06 23:06:00 +00:00
Philippe Charnier
6896720af3 Use err(3). -Wall cleaning. Use Pa for file names and add section in Xrefs. 1997-11-26 07:29:04 +00:00
Warner Losh
a51e2c9b04 Julian A's fix. Do chdir as user rather than as root. Fixes a minor NFS
compatibility problem at the same time.  Some buffer made large enough
for worst case hostname.

fixes PR 2593.

Reviewed by:	Dan Cross and maybe others
1997-03-24 05:57:28 +00:00
Peter Wemm
9e522f7a18 Revert $FreeBSD$ to $Id$ 1997-02-22 14:22:49 +00:00
Warner Losh
5b266377fd Buffer Overflow from OpenBSD
rev 1.7 deraadt:
	buf oflow
Obtained from: OpenBSD
1997-02-09 04:40:02 +00:00
Jordan K. Hubbard
1130b656e5 Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore.  This update would have been
insane otherwise.
1997-01-14 07:20:47 +00:00
Paul Traina
a13e275f66 Back out recent security patch for rexecd. After more careful analysis,
it is both uneeded and breaks certain lock-step timing in the rexec
protocol.

Yes, an attacker can "relay" connections using this trick,  but a properly
configured firewall that would make this sort of subterfuge necessary in the
first place (instead of direct packet spoofing) would also thwart useful
attacks based on this.
1996-11-22 08:59:07 +00:00
Paul Traina
6c6cc60e38 Do not attempt to open reverse channel until authentication phase has
succeeded.

Never allow the reverse channel to be to a privileged port.

Cannidate for:	2.1 and 2.2 branches

Reviewed by:	pst (with local cleanups)
Submitted by:	Cy Shubert <cy@cwsys.cwent.com>
Obtained from:	Jaeger <jaeger@dhp.com> via BUGTRAQ
1996-11-19 18:03:16 +00:00
Wolfram Schneider
148531ef1e add forgotten $Id$ 1996-09-22 21:56:57 +00:00
Mike Pritchard
ae532ecb79 Check for expired passwords before allowing access to the system. 1995-08-28 21:30:59 +00:00
Peter Wemm
3f59b9c4ef rexecd was not calling "setlogin()" when it should have. This was causing
getlogin() to return wrong answers (eg: "root").
Reviewed by:	davidg
Obtained from:	James Jegers, for NetBSD, slightly reworked by me.
1995-07-29 15:21:15 +00:00
Rodney W. Grimes
6c06b4e2aa Remove trailing whitespace. 1995-05-30 05:51:47 +00:00
Paul Traina
9c48498989 make rexecd link against skeyaccess, not authfile 1994-09-30 06:38:43 +00:00
Paul Traina
cda3118c2e Tighen up rexecd(8) security (see manual page for details).
Rexecd is a crock, it never should have been written,  however make it so
that people who have a need to run it don't hurt themselves so badly.

Obtained from: Ideas obtained from logdaemon 4.3 from Wietse Venema
1994-09-29 09:23:58 +00:00
Guido van Rooij
a670645c57 Add skey support
Reviewed by:
Submitted by:	guido
1994-08-21 19:10:43 +00:00
Rodney W. Grimes
ea022d1687 BSD 4.4 Lite Libexec Sources 1994-05-27 12:39:25 +00:00