Subject: Re: new rlogin security hole
To: VaX#n8 <>
From: matthew green <>
List: current-users
Date: 08/19/1996 22:43:53
   >From the Linux group.
   LSF Update #11
   term is a 1024 byte buffer allocated on the stack
   Fix: make rlogin non-SUID, until you change the code to use strncpy
   instead of strcpy.

i fixed out rlogin some weeks ago.  and jt has pulled up the fix to the
1.2 branch.
   Anyone want to volunteer to help do security checks on all the
   SUID programs?  I'd at least like to document why each one has to be
   SUID (in the manpage), so you can decide if you need it SUID or not.

i've already begun doing something to address this.  contact me
via email for more info.