Commit Graph

17 Commits

Author SHA1 Message Date
imp
7f79bbed5b Julian A's fix. Do chdir as user rather than as root. Fixes a minor NFS
compatibility problem at the same time.  Some buffer made large enough
for worst case hostname.

fixes PR 2593.

Reviewed by:	Dan Cross and maybe others
1997-03-24 05:57:28 +00:00
peter
090fb430f1 Revert $FreeBSD$ to $Id$ 1997-02-22 14:22:49 +00:00
imp
cced79bd4c Buffer Overflow from OpenBSD
rev 1.7 deraadt:
	buf oflow
Obtained from: OpenBSD
1997-02-09 04:40:02 +00:00
jkh
808a36ef65 Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore.  This update would have been
insane otherwise.
1997-01-14 07:20:47 +00:00
pst
f802c9787d Back out recent security patch for rexecd. After more careful analysis,
it is both uneeded and breaks certain lock-step timing in the rexec
protocol.

Yes, an attacker can "relay" connections using this trick,  but a properly
configured firewall that would make this sort of subterfuge necessary in the
first place (instead of direct packet spoofing) would also thwart useful
attacks based on this.
1996-11-22 08:59:07 +00:00
pst
9b54175344 Do not attempt to open reverse channel until authentication phase has
succeeded.

Never allow the reverse channel to be to a privileged port.

Cannidate for:	2.1 and 2.2 branches

Reviewed by:	pst (with local cleanups)
Submitted by:	Cy Shubert <cy@cwsys.cwent.com>
Obtained from:	Jaeger <jaeger@dhp.com> via BUGTRAQ
1996-11-19 18:03:16 +00:00
wosch
361a15b8f4 add forgotten $Id$ 1996-09-22 21:56:57 +00:00
mpp
684146e8ce Check for expired passwords before allowing access to the system. 1995-08-28 21:30:59 +00:00
peter
8ca6f0e2ac rexecd was not calling "setlogin()" when it should have. This was causing
getlogin() to return wrong answers (eg: "root").
Reviewed by:	davidg
Obtained from:	James Jegers, for NetBSD, slightly reworked by me.
1995-07-29 15:21:15 +00:00
rgrimes
f05428e4cd Remove trailing whitespace. 1995-05-30 05:51:47 +00:00
nate
bbc020cc5c Don't rely on the shared library bringing in libmd, do it explicitly.
Change the library order so libcrypt is the last library in the list.
libskey contains references to _crypt and can't resolve it unless
-lcrypt occurs after it in the link command.  This only occurs when
linking statically.
1995-03-18 06:50:00 +00:00
pst
d66cc2a40a make rexecd link against skeyaccess, not authfile 1994-09-30 06:38:43 +00:00
pst
e9556ba2e9 Tighen up rexecd(8) security (see manual page for details).
Rexecd is a crock, it never should have been written,  however make it so
that people who have a need to run it don't hurt themselves so badly.

Obtained from: Ideas obtained from logdaemon 4.3 from Wietse Venema
1994-09-29 09:23:58 +00:00
guido
170df33e71 Add skey support
Reviewed by:
Submitted by:	guido
1994-08-21 19:10:43 +00:00
csgr
bb1890fe44 LDADD= -lcrypt
Submitted by:	Geoff
1994-08-20 21:19:46 +00:00
wollman
96c19e77ba Update to new make macros and disable Kerberos because we haven't got it
set up right yet.
1994-08-05 21:24:58 +00:00
rgrimes
7d07d2de2f BSD 4.4 Lite Libexec Sources 1994-05-27 12:39:25 +00:00