Date: Sun, 15 Aug 1999 14:22:52 -0700 (PDT)
From: Kevin Vajk <kvajk@ricochet.net>
To: security-audit@ferret.lmh.ox.ac.uk
Subject: telnetd patch

Below is a patch for telnetd.

It generates an extra compiler warning from not using char *s, but it's
easy to miss with all the other compiler warnings that scroll by as telnet
builds. Sigh...

As far as removing this functionality goes, I think it's worth it.
Often I telnet from a linux system to a UNIX system, and upon logging
in find that term type "linux" is unknown, or I telnet from a UNIX
system to linux, and find that term type "dtterm" isn't known, so
apparently this functionality isn't being used much (or used well)
in the real world, anyhow.

Comments?

- Kevin Vajk
<kvajk@ricochet.net>

diff -u -d -r -P netkit-telnet-0.10.orig/telnetd/telnetd.c netkit-telnet-0.10/telnetd/telnetd.c
--- netkit-telnet-0.10.orig/telnetd/telnetd.c Sun Dec 29 10:27:12 1996
+++ netkit-telnet-0.10/telnetd/telnetd.c Sun Aug 15 14:06:22 1999
@@ -577,21 +577,23 @@
static int
terminaltypeok(char *s)
{
- char buf[2048];
if (terminaltype == NULL)
return(1);
/*
- * tgetent() will return 1 if the type is known, and
- * 0 if it is not known. If it returns -1, it couldn't
- * open the database. But if we can't open the database,
- * it won't help to say we failed, because we won't be
- * able to verify anything else. So, we treat -1 like 1.
+ * We used to check if the type is known by doing:
+ * char buf[2048];
+ * if (tgetent(buf, s) == 0)
+ * return(0);
+ * return(1);
+ * but Tymm Twillman pointed out that this is a security
+ * risk. (Opens us up to some nasty denial-of-services.)
+ * Now we just say the type if fine without even checking.
+ * If we're wrong, let the users' login scripts fix it.
*/
- if (tgetent(buf, s) == 0)
- return(0);
- return(1);
+
+ return(0);
}
#ifndef MAXHOSTNAMELEN
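
Review bot: the new return(0); at the end of terminaltypeok() contradicts the comment added just above it, which says the type is now reported as fine without checking. In the removed code, 0 was the value returned when tgetent() did not know the type and 1 meant the type was OK, and the unchanged terminaltype == NULL path still returns 1. As posted, the function reports every non-NULL terminal type as not OK, so the last line should be return(1); to match the stated intent. Two smaller points: the new comment reads "if fine" where "is fine" is meant, and since s is no longer used, a (void)s; in the body would silence the extra compiler warning mentioned in the cover note rather than leaving it to scroll by.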