Commit Graph

21 Commits

Author SHA1 Message Date
brian
3794629aa4 Ensure that things returned by gethostname() and
friends are terminated and allow for a maximum
host name length of MAXHOSTNAMELEN - 1.
Put parenthesis around sizeof args.
Make some variables static.
Fix telnetd -u (broken by my last commit)

Prompted by: bde
1999-04-07 08:27:45 +00:00
brian
950e07be1f Link with libutil 1999-04-06 23:40:25 +00:00
brian
86a9f98333 Use realhostname() rather than various combinations of
gethostbyaddr() & gethostbyname().

Remove brokeness in ftpd for hosts of MAXHOSTNAMELEN length.
1999-04-06 23:06:00 +00:00
charnier
fb5bb4fb5d Use err(3). -Wall cleaning. Use Pa for file names and add section in Xrefs. 1997-11-26 07:29:04 +00:00
imp
fbc41f94ae Julian A's fix. Do chdir as user rather than as root. Fixes a minor NFS
compatibility problem at the same time.  Some buffer made large enough
for worst case hostname.

fixes PR 2593.

Reviewed by:	Dan Cross and maybe others
1997-03-24 05:57:28 +00:00
peter
bd20ff9351 Revert $FreeBSD$ to $Id$ 1997-02-22 14:22:49 +00:00
imp
2be21f738d Buffer Overflow from OpenBSD
rev 1.7 deraadt:
	buf oflow
Obtained from: OpenBSD
1997-02-09 04:40:02 +00:00
jkh
9c0cd3f9df Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore.  This update would have been
insane otherwise.
1997-01-14 07:20:47 +00:00
pst
1fffa1ab7f Back out recent security patch for rexecd. After more careful analysis,
it is both uneeded and breaks certain lock-step timing in the rexec
protocol.

Yes, an attacker can "relay" connections using this trick,  but a properly
configured firewall that would make this sort of subterfuge necessary in the
first place (instead of direct packet spoofing) would also thwart useful
attacks based on this.
1996-11-22 08:59:07 +00:00
pst
3b2d15b871 Do not attempt to open reverse channel until authentication phase has
succeeded.

Never allow the reverse channel to be to a privileged port.

Cannidate for:	2.1 and 2.2 branches

Reviewed by:	pst (with local cleanups)
Submitted by:	Cy Shubert <cy@cwsys.cwent.com>
Obtained from:	Jaeger <jaeger@dhp.com> via BUGTRAQ
1996-11-19 18:03:16 +00:00
wosch
e5b4420bce add forgotten $Id$ 1996-09-22 21:56:57 +00:00
mpp
dd8a8fe3c8 Check for expired passwords before allowing access to the system. 1995-08-28 21:30:59 +00:00
peter
20406aaa1d rexecd was not calling "setlogin()" when it should have. This was causing
getlogin() to return wrong answers (eg: "root").
Reviewed by:	davidg
Obtained from:	James Jegers, for NetBSD, slightly reworked by me.
1995-07-29 15:21:15 +00:00
rgrimes
1c444a9f7e Remove trailing whitespace. 1995-05-30 05:51:47 +00:00
nate
65de51ac02 Don't rely on the shared library bringing in libmd, do it explicitly.
Change the library order so libcrypt is the last library in the list.
libskey contains references to _crypt and can't resolve it unless
-lcrypt occurs after it in the link command.  This only occurs when
linking statically.
1995-03-18 06:50:00 +00:00
pst
9ae469c2bc make rexecd link against skeyaccess, not authfile 1994-09-30 06:38:43 +00:00
pst
0d0daa6663 Tighen up rexecd(8) security (see manual page for details).
Rexecd is a crock, it never should have been written,  however make it so
that people who have a need to run it don't hurt themselves so badly.

Obtained from: Ideas obtained from logdaemon 4.3 from Wietse Venema
1994-09-29 09:23:58 +00:00
guido
cf3d4b3bf1 Add skey support
Reviewed by:
Submitted by:	guido
1994-08-21 19:10:43 +00:00
csgr
59dd21860a LDADD= -lcrypt
Submitted by:	Geoff
1994-08-20 21:19:46 +00:00
wollman
406ac1d7a9 Update to new make macros and disable Kerberos because we haven't got it
set up right yet.
1994-08-05 21:24:58 +00:00
rgrimes
7d07d2de2f BSD 4.4 Lite Libexec Sources 1994-05-27 12:39:25 +00:00