| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Noticed by: Steve Kargl <sgk@troutmask.apl.washington.edu>
|
|
|
|
|
|
| |
during authentication. Thus we need to call getpwnam *after* the user
has been authenticated. Colin mentioned that we should also move the
check for root in that case.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
5.0-RELEASE), a visually elusive bug was introduced. A comparison
operator was changed to assignment. As a result, rexecd behaved
always as if the `-i' option had been specified. It would allow root
logins. This commit corrects the situation in the obvious way.
A separate bug was introduced at the same time. The PAM library
functions are called between the invocation of getpwnam(3) and the use
of the returned static object. Since many PAM library functions
result in additional getpwnam(3) calls, the contents of the returned
static object could be changed from under rexecd. With this commit,
getpwnam_r(3) is used instead.
Other PAM-using applications should be reviewed for similar errors in
getpw* usage.
Security: rexecd's documented default policy of disallowing root
logins was not enforced.
Reviewed by: cperciva
|
| |
|
|
|
|
| |
use of struct sockaddr_strage * is thought as not good manner. :)
|
|
|
|
|
| |
struct sockaddr_storage *, there's no point in casting it prematurely
to a struct sockaddr *. This unbreaks WARNS=6 on sparc64.
|
| |
|
|
|
|
| |
socklen_t * argument.
|
| |
|
| |
|
|
|
|
| |
Approved by: das (mentor)
|
| |
|
| |
|
|
|
|
| |
Reviewed by: bde
|
|
|
|
| |
Sponsored by: DARPA, NAI Labs
|
|
|
|
| |
Tested by: kuriyama
|
|
|
|
|
|
|
| |
I dunno if there is an IPv6 supported rexec client. So, it was
tested that this change doesn't break an IPv4.
Tested by: kuriyama (IPv4 only)
|
|
|
|
| |
Hint by: ume
|
|
|
|
|
| |
o register removal
o use new style prototypes and function definitions
|
|
|
|
| |
are not yet warning-clean. Tested on i386 and alpha.
|
| |
|
|
|
|
|
|
|
| |
definitions are more readable, and it's possible that they're
more portable to pathalogical platforms.
Submitted by: David Hill <david@phobia.ms>
|
| |
|
| |
|
|
|
|
|
| |
I believe I have done due dilligence on this, but I'd appreciate
decent test scenarios and sucess (or failure) reports.
|
|
|
|
| |
Idea from: Theo de Raadt <deraadt@openbsd.org>
|
| |
|
|
|
|
| |
- MAN[1-9] -> MAN.
|
| |
|
| |
|
| |
|
|
|
|
| |
Submitted by: sheldonh@uunet.co.za
|
|
|
|
|
| |
(presuming that the user in question is not in /etc/ftpusers and
does not have a null password).
|
| |
|
|
|
|
|
|
|
|
|
|
| |
friends are terminated and allow for a maximum
host name length of MAXHOSTNAMELEN - 1.
Put parenthesis around sizeof args.
Make some variables static.
Fix telnetd -u (broken by my last commit)
Prompted by: bde
|
| |
|
|
|
|
|
|
| |
gethostbyaddr() & gethostbyname().
Remove brokeness in ftpd for hosts of MAXHOSTNAMELEN length.
|
| |
|
|
|
|
|
|
|
|
|
| |
compatibility problem at the same time. Some buffer made large enough
for worst case hostname.
fixes PR 2593.
Reviewed by: Dan Cross and maybe others
|
| |
|
|
|
|
|
|
| |
rev 1.7 deraadt:
buf oflow
Obtained from: OpenBSD
|
|
|
|
|
|
|
|
| |
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.
Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.
|
|
|
|
|
|
|
|
|
|
| |
it is both uneeded and breaks certain lock-step timing in the rexec
protocol.
Yes, an attacker can "relay" connections using this trick, but a properly
configured firewall that would make this sort of subterfuge necessary in the
first place (instead of direct packet spoofing) would also thwart useful
attacks based on this.
|
|
|
|
|
|
|
|
|
|
|
|
| |
succeeded.
Never allow the reverse channel to be to a privileged port.
Cannidate for: 2.1 and 2.2 branches
Reviewed by: pst (with local cleanups)
Submitted by: Cy Shubert <cy@cwsys.cwent.com>
Obtained from: Jaeger <jaeger@dhp.com> via BUGTRAQ
|
| |
|
| |
|
|
|
|
|
|
| |
getlogin() to return wrong answers (eg: "root").
Reviewed by: davidg
Obtained from: James Jegers, for NetBSD, slightly reworked by me.
|
| |
|
|
|
|
|
|
|
| |
Change the library order so libcrypt is the last library in the list.
libskey contains references to _crypt and can't resolve it unless
-lcrypt occurs after it in the link command. This only occurs when
linking statically.
|
| |
|