Subject: new rlogin security hole
To: None <current-users@NetBSD.ORG>
From: VaX#n8 <firstname.lastname@example.org>
Date: 08/19/1996 03:42:24
>From the Linux group.
LSF Update #11
term is a 1024 byte buffer allocated on the stack
Fix: make rlogin non-SUID, until you change the code to use strncpy
instead of strcpy.
Hmm, I bet there are many more of these termcap related bugs in
the SUIDs, not to mention any old stack-overflow in an SUID program.
I bet NLS is real bad in this respect too... hmm....
Anyone want to volunteer to help do security checks on all the
SUID programs? I'd at least like to document why each one has to be
SUID (in the manpage), so you can decide if you need it SUID or not.