Received: by minnie.vk1xwt.ampr.org with NNTP id AA5671 ; Fri, 01 Jan 93 01:52:21 EST
Path: sserve!manuel.anu.edu.au!munnari.oz.au!spool.mu.edu!olivea!uunet!mcsun!sun4nl!tuegate.tue.nl!svin09!wzv!rob
From: rob@wzv.win.tue.nl (Rob J. Nauta)
Newsgroups: comp.unix.bsd
Subject: Small 386BSD rexecd.c bug
Message-ID: <4318@wzv.win.tue.nl>
Date: 28 Dec 92 21:30:58 GMT
Organization: None
Lines: 35

I've noticed a small rexecd bug in the standard 386BSD code. The protocol
reads data from the socket, to be precise an ASCII number, username,
password, command. All separated by a NULL byte. The number is used as
the number of an additional socket for stderr. When the user is validated,
the rexecd returns a null byte and a shell is started with the in- and
output connected to the socket(s).

The problem is, that the standard distribution has a crypt() routine which
contains:

    char *
    crypt (k, s)
    char *k,*s;
    {
            write(2,"Crypt not present in system\n", 29);
            return(k);
    }

Now, this crypt() writes on stderr. The remote rexec eats the first byte,
so the user sees

    rypt not present in system

instead of the real error, and the connection fails.
Now, I know that most people immediately install a crypt-replacement
package, so before I patch this, I'd like to ask the net if
- It has been patched already ?
- Is it worth it to fix ??

Please send email

Rob
-- 
/-----------------------------------------------\      Never       ,==.
| Rob J. Nauta, UNIX computer security expert.  |    Apologize,   /@  |
| rob@wzv.win.tue.nl, Phone: +31-40-837549      |      Never     /_  <
| Feel free to email me for free advice         |     Explain.   ="  `g'
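
The framing problem described in the post above, as an added example that is not part of the original post and is not 386BSD source. It assumes that rexecd's stderr is the client connection and that the client treats the first reply byte as a status, showing the following line as the error when that byte is non-zero; the function names and the "constructed real error" reply are made up for the simulation.

```c
/* Added illustration; not the 386BSD rexecd or rexec() source. */
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* The stub's write from the post, with fd 2 replaced by the socket.
 * Assumption: rexecd's stderr is the client connection. */
static int stub_crypt_write(int fd)
{
    return write(fd, "Crypt not present in system\n", 29) == 29 ? 0 : -1;
}

/* Assumed client logic: byte 0 is the status; if it is non-zero, the
 * text up to the newline is what the user gets to see as the error. */
int client_read_status(int fd, char *msg, size_t cap)
{
    unsigned char status;
    char c;
    size_t n = 0;
    if (read(fd, &status, 1) != 1)
        return -1;
    while (status != 0 && n + 1 < cap && read(fd, &c, 1) == 1 && c != '\n')
        msg[n++] = c;
    msg[n] = '\0';
    return status;
}

/* One simulated exchange: optional stub output, then the server's reply. */
int simulate(int stub_active, const char *reply, size_t len, char *msg, size_t cap)
{
    int sv[2], ok, status = -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -1;
    ok = (!stub_active || stub_crypt_write(sv[0]) == 0) &&
         write(sv[0], reply, len) == (ssize_t)len;
    close(sv[0]);
    if (ok)
        status = client_read_status(sv[1], msg, cap);
    close(sv[1]);
    return status;
}

int main(void)
{
    char msg[64];
    /* Constructed reply: status byte 1 followed by a made-up error line. */
    printf("status=%d ", simulate(1, "\1constructed real error\n", 24, msg, sizeof msg));
    printf("text=\"%s\"\n", msg);
    return 0;
}
```

With the stub active, the status byte the client sees is 'C' and the server's own reply is never displayed.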