tech-userlevel archive
Re: Moving telnet/telnetd from base to pkgsrc
On Sun, Dec 16, 2018 at 10:33:25AM -0500, Greg Troxel wrote:
> Taylor R Campbell <campbell+netbsd-tech-userlevel%mumble.net@localhost> writes:
>
> > Given that a large fraction of respondents (though not all) indicated
> > that their primary use of telnet is to test reachability of a server
> > or manually enter SMTP or HTTP requests over the internet -- a use
> > which is adequately served by the much smaller and much more
> > confidence-inspiring usr.bin/nc -- I think this _does_ constitute a
> > serious danger that warrants the scrutiny it is getting.
> >
> > [*] Whether it can lead to arbitrary code execution, I don't know, and
> > I'm not interested in studying further to find out; it doesn't
> > take much to get arbitrary code execution, like a single null byte
> > heap buffer overflow:
> > https://googleprojectzero.blogspot.com/2014/08/the-poisoned-nul-byte-2014-edition.html
>
> If somebody knows the details of such a bug and wants to fix it, that
> seems uncontroversial. But we don't seem to be talking about that.

https://mail-index.netbsd.org/source-changes/2018/12/12/msg101400.html

It being so trivial is embarrassing and a sign someone should have long
ago stepped in and made sense of the code.