Subject: Re: new rlogin security hole
To: VaX#n8 <firstname.lastname@example.org>
From: matthew green <email@example.com>
Date: 08/19/1996 22:43:53
>From the Linux group.
LSF Update #11
term is a 1024 byte buffer allocated on the stack
Fix: make rlogin non-SUID, until you change the code to use strncpy
instead of strcpy.
i fixed our rlogin some weeks ago. and jt has pulled up the fix to the
Anyone want to volunteer to help do security checks on all the
SUID programs? I'd at least like to document why each one has to be
SUID (in the manpage), so you can decide if you need it SUID or not.
i've already begun doing something to address this. contact me
via email for more info.
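
Added example (not part of the original message, and not the actual rlogin or NetBSD code): a bounded copy into a 1024-byte buffer named term, as the quoted fix suggests. It shows the caveat that strncpy does not NUL-terminate on truncation. The names copy_term, TERM_BUFSZ and oversized_input_is_contained are hypothetical, and the sample inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

#define TERM_BUFSZ 1024   /* size of the "term" buffer named in the post */

/*
 * Bounded replacement for strcpy(term, src) (hypothetical helper).
 * Returns 0 if src fit entirely, -1 if src was NULL or had to be truncated.
 * dst is always NUL-terminated on return when dstsize > 0.
 */
int copy_term(char *dst, size_t dstsize, const char *src)
{
    if (dst == NULL || dstsize == 0)
        return -1;
    if (src == NULL) {
        dst[0] = '\0';
        return -1;
    }
    /* Copies at most dstsize - 1 bytes, so it cannot write past dst. */
    strncpy(dst, src, dstsize - 1);
    /* strncpy adds no terminator when src fills the count; add it here. */
    dst[dstsize - 1] = '\0';
    /* Report truncation so a privileged caller can refuse the value. */
    return strlen(src) >= dstsize ? -1 : 0;
}

/* Constructed check: returns 1 when an oversized input is contained. */
int oversized_input_is_contained(void)
{
    char term[TERM_BUFSZ];
    char big[4 * TERM_BUFSZ];            /* constructed oversized input */

    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    return copy_term(term, sizeof term, big) == -1 &&
           strlen(term) == TERM_BUFSZ - 1;
}

int main(void)
{
    char term[TERM_BUFSZ];
    int rc = copy_term(term, sizeof term, "vt100");  /* constructed input */

    printf("short input: rc=%d term=%s\n", rc, term);
    printf("oversized input contained: %d\n", oversized_input_is_contained());
    return 0;
}
```

A set-user-ID caller should treat the -1 return as a reason to reject the input rather than continue with a silently truncated value.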