source-changes: re: CVS commit: src/libexec/rshd

Subject: re: CVS commit: src/libexec/rshd
To: None <christos@netbsd.org>
From: matthew green <mrg@eterna.com.au>
List: source-changes
Date: 03/09/2005 14:14:22

   
   Module Name:	src
   Committed By:	christos
   Date:		Tue Mar  8 04:35:19 UTC 2005
   
   Modified Files:
   	src/libexec/rshd: rshd.c
   
   Log Message:
   Avoid source routing ip options. Described in:
   http://www.citi.umich.edu/u/provos/papers/secnet-spoof.txt


should we do this in rlogind, rexecd, etc?  also in tcp wrappers as
it may be that tcp wrappers already strips options but leaves the
connection enabled before passing to rshd and rshd won't see that
the connection originally had them enabled.  (this is meantioned
in the above url as well..)

bsdi patched nfsd as well i see...


.mrg.