From czetts@rpi.edu  Fri Aug 16 13:29:23 1996
Received: from mail1.its.rpi.edu (mail1.its.rpi.edu [128.113.100.7]) by suburbia.net (8.7.4/Proff-950810) with SMTP id NAA11686; Fri, 16 Aug 1996 13:28:39 +1000
Received: from matisse.its.rpi.edu (matisse.its.rpi.edu [128.113.113.18]) by mail1.its.rpi.edu (8.6.9/8.6.4) with ESMTP id XAA22467; Thu, 15 Aug 1996 23:28:02 -0400
From: Steve Czetty <czetts@rpi.edu>
Received: from localhost (root@localhost) by matisse.its.rpi.edu (8.6.9/8.6.4) with SMTP id XAA101397; Thu, 15 Aug 1996 23:28:06 -0400
Message-Id: <199608160328.XAA101397@matisse.its.rpi.edu>
X-Authentication-Warning: matisse.its.rpi.edu: Host localhost didn't use HELO protocol
Subject: Re: BoS: Wide spread resolv+ bugs 
In-reply-to: Your message of "Thu, 15 Aug 1996 07:29:15 EDT."
             <3212C3BB.63E2@alsutton.com> 
To: Al Sutton <sutton@alsutton.demon.co.uk>
cc: Julian Assange <proff@suburbia.net>, best-of-security@suburbia.net,
        czetts@rpi.edu
Date: Thu, 15 Aug 96 23:28:06 -0500


As a (temporary) fix, I added to my /etc/profile:
RESOLV_HOST_CONF=
declare -xr RESOLV_HOST_CONF

This makes an empty read-only copy of the variable in everybody's default
environment.  I don't know if this is perfect, but it's better than nothing.

-Steve


>Could this hole not be plugged by a wrapper similar to the one used to
>plug the telnetd hole?
>
>Al.
>
>Julian Assange wrote:
>> 
>> Alan Cox intimated on bugtraq that he has found some bugs in resolv+.
>> The bugs have been about for years and concern the passing of
>> environmental variables to resolv+ code (which is normally called by
>> ping, rlogin, rsh, ssh etc). Since it looks like the cat is about to
>> leap from the bag, I think I had better explain. Resolv+ is a library,
>> often incorporated with libc, but sometimes stand alone (e.g -lresolv).
>> It contains gethostbyname()/gethostbyaddr() as well as other dns
>> functions.  As an example of the wonders of resolv+:
>> 
>> $ export RESOLV_HOST_CONF=/etc/shadow
>> $ rlogin thepopeneverlikedbadgersanywaymate
>> 
>> Linux is prone to this. Solaris/SunOS does not appear to be. FreeBSD is
>> not. But that's ok, they make up for it with NLS/Locale, which is a far, far
>> bigger problem.
>> 
>> --
>> "Of all tyrannies a tyranny sincerely  exercised for the good of its victims
>>  may be the most  oppressive.  It may be better to live under  robber barons
>>  than  under  omnipotent  moral busybodies.  The robber baron's  cruelty may
>>  sometimes sleep,  his cupidity may at some point be satiated; but those who
>>  torment us for our own good will torment us without end,  for they do so with
>>  the approval of their own conscience."    -   C.S. Lewis, _God in the Dock_
>> +---------------------+--------------------+----------------------------------+
>> |Julian Assange RSO   | PO Box 2031 BARKER | Secret Analytic Guy Union        |
>> |proff@suburbia.net   | VIC 3122 AUSTRALIA | finger for PGP key hash ID =     |
>> |proff@gnu.ai.mit.edu | FAX +61-3-98199066 | 06197 37CCC143F6DEA73E27378933690 |
>> +---------------------+--------------------+----------------------------------+
>
>
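The library-side fix the thread is circling around (ignore RESOLV_HOST_CONF whenever the process has gained privilege through setuid/setgid, rather than relying on every login shell to pin the variable as Steve's /etc/profile workaround does), as an added example in C. This is not code from resolv+, libc or anyone in this thread; the function names are hypothetical and the default path /etc/host.conf is assumed to be the resolver's built-in location.

```c
/* Added example: how a resolver library should decide whether to honour
 * RESOLV_HOST_CONF.  The environment is only trustworthy when the process
 * runs with the privileges of the user who set it; in a setuid/setgid
 * program (ping, rlogin, rsh ...) the override must be ignored. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define DEFAULT_HOST_CONF "/etc/host.conf"   /* assumed built-in default */

/* Pure decision function, so the policy can be tested without a real
 * setuid binary.  env_value: RESOLV_HOST_CONF contents (NULL if unset).
 * privileged: non-zero when real and effective ids differ. */
const char *choose_host_conf(const char *env_value, int privileged)
{
    if (privileged)                      /* untrusted environment: never honour it */
        return DEFAULT_HOST_CONF;
    if (env_value == NULL || env_value[0] == '\0')
        return DEFAULT_HOST_CONF;        /* unset, or emptied as in the workaround */
    if (env_value[0] != '/')             /* accept absolute paths only */
        return DEFAULT_HOST_CONF;
    return env_value;                    /* user reading a file as themselves */
}

/* Did we gain privilege via setuid/setgid?  This is the check a bare
 * getenv() in the original library never made. */
int running_privileged(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* Wrapper a library would call in place of getenv("RESOLV_HOST_CONF"). */
const char *host_conf_path(void)
{
    return choose_host_conf(getenv("RESOLV_HOST_CONF"), running_privileged());
}

int main(void)
{
    printf("host.conf in use: %s\n", host_conf_path());
    return 0;
}
```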

