From czetts@rpi.edu Fri Aug 16 13:29:23 1996
Received: from mail1.its.rpi.edu (mail1.its.rpi.edu [128.113.100.7])
    by suburbia.net (8.7.4/Proff-950810) with SMTP id NAA11686;
    Fri, 16 Aug 1996 13:28:39 +1000
Received: from matisse.its.rpi.edu (matisse.its.rpi.edu [128.113.113.18])
    by mail1.its.rpi.edu (8.6.9/8.6.4) with ESMTP id XAA22467;
    Thu, 15 Aug 1996 23:28:02 -0400
From: Steve Czetty
Received: from localhost (root@localhost)
    by matisse.its.rpi.edu (8.6.9/8.6.4) with SMTP id XAA101397;
    Thu, 15 Aug 1996 23:28:06 -0400
Message-Id: <199608160328.XAA101397@matisse.its.rpi.edu>
X-Authentication-Warning: matisse.its.rpi.edu: Host localhost didn't use HELO protocol
Subject: Re: BoS: Wide spread resolv+ bugs
In-reply-to: Your message of "Thu, 15 Aug 1996 07:29:15 EDT." <3212C3BB.63E2@alsutton.com>
To: Al Sutton
cc: Julian Assange, best-of-security@suburbia.net, czetts@rpi.edu
Date: Thu, 15 Aug 96 23:28:06 -0500

As a (temporary) fix, I added to my /etc/profile:

    RESOLV_HOST_CONF=
    declare -xr RESOLV_HOST_CONF

This makes an empty read-only copy of the variable in everybody's default
environment. I don't know if this is perfect, but it's better than nothing.

-Steve

>Could this hole not be plugged by a wrapper similar to the one used to
>plug the telnetd hole?
>
>Al.
>
>Julian Assange wrote:
>>
>> Alan Cox intimated on bugtraq that he has found some bugs in resolv+.
>> The bugs have been about for years and concern the passing of
>> environmental variables to resolv+ code (which is normally called by
>> ping, rlogin, rsh, ssh etc). Since it looks like the cat is about to
>> leap from the bag, I think I had better explain. Resolv+ is a library,
>> often incorporated with libc, but sometimes stand alone (e.g. -lresolv).
>> It contains gethostbyname()/gethostbyaddr() as well as other dns
>> functions. As an example of wonders of resolv+:
>>
>> $ export RESOLV_HOST_CONF=/etc/shadow
>> $ rlogin thepopeneverlikedbadgersanywaymate
>>
>> Linux is prone to this. Solaris/SunOS does not appear to be. FreeBSD is
>> not. But that's ok, they make up for it with NLS/Locale, which is a far, far
>> bigger problem.
>>
>> --
>> "Of all tyrannies a tyranny sincerely exercised for the good of its victims
>> may be the most oppressive. It may be better to live under robber barons
>> than under omnipotent moral busybodies, The robber baron's cruelty may
>> sometimes sleep, his cupidity may at some point be satiated; but those who
>> torment us for our own good will torment us without end, for they do so with
>> the approval of their own conscience." - C.S. Lewis, _God in the Dock_
>> +---------------------+--------------------+----------------------------------+
>> |Julian Assange RSO   | PO Box 2031 BARKER | Secret Analytic Guy Union        |
>> |proff@suburbia.net   | VIC 3122 AUSTRALIA | finger for PGP key hash ID =     |
>> |proff@gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
>> +---------------------+--------------------+----------------------------------+
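
Added example, not part of the original messages: the wrapper approach Al asks about, written as a small C program that removes every RESOLV_-prefixed variable from the environment and then executes the real program. Unlike the /etc/profile setting, it does not depend on which shell the user runs. Matching on the RESOLV_ prefix and the REAL_BINARY path are assumptions made for this example; they do not come from the thread.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

extern char **environ;

/* Hypothetical location of the moved original program (assumption). */
#define REAL_BINARY "/usr/libexec/real/rlogin"

/* Name prefixes to drop. Only RESOLV_HOST_CONF is named in the thread;
 * blocking the whole RESOLV_ prefix is an assumption of this example. */
static const char *const BLOCKED_PREFIXES[] = { "RESOLV_", NULL };

static int is_blocked(const char *entry)
{
    for (size_t i = 0; BLOCKED_PREFIXES[i] != NULL; i++) {
        if (strncmp(entry, BLOCKED_PREFIXES[i],
                    strlen(BLOCKED_PREFIXES[i])) == 0)
            return 1;
    }
    return 0;
}

/* Compact envp in place, dropping blocked entries. Walking the array
 * directly also removes duplicate entries and entries with no '='.
 * Returns the number of entries removed. */
int scrub_env(char **envp)
{
    int removed = 0;
    char **out = envp;

    if (envp == NULL)
        return 0;
    for (char **in = envp; *in != NULL; in++) {
        if (is_blocked(*in))
            removed++;
        else
            *out++ = *in;
    }
    *out = NULL;
    return removed;
}

int main(int argc, char **argv)
{
    (void)argc;
    scrub_env(environ);          /* clean before any library lookup runs */
    execv(REAL_BINARY, argv);    /* only returns on failure */
    perror("execv");
    return 127;
}
```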