tech-userlevel archive


Re: Moving telnet/telnetd from base to pkgsrc



Taylor R Campbell <campbell+netbsd-tech-userlevel%mumble.net@localhost> writes:

> Given that a large fraction of respondents (though not all) indicated
> that their primary use of telnet is to test reachability of a server
> or manually enter SMTP or HTTP requests over the internet -- a use
> which is adequately served by the much smaller and much more
> confidence-inspiring usr.bin/nc -- I think this _does_ constitute a
> serious danger that warrants the scrutiny it is getting.
>
> [*] Whether it can lead to arbitrary code execution, I don't know, and
>     I'm not interested in studying further to find out; it doesn't
>     take much to get arbitrary code execution, like a single null byte
>     heap buffer overflow:
>     https://googleprojectzero.blogspot.com/2014/08/the-poisoned-nul-byte-2014-edition.html

If somebody knows the details of such a bug and wants to fix it, that
seems uncontroversial.  But we don't seem to be talking about that.

