Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!wuarchive!zaphod.mps.ohio-state.edu!cis.ohio-state.edu!ucbvax!bloom-beacon!eru!hagbard!sunic!mcsun!news.funet.fi!tukki.jyu.fi!eloranta
From: eloranta@jyu.fi (Jussi Eloranta)
Newsgroups: comp.unix.wizards
Subject: Re: A partial user-mode tty security fix for SunOS, Ultrix, et al.
Message-ID: <1991Jun16.145320.29237@jyu.fi>
Date: 16 Jun 91 14:53:20 GMT
References: <1991Jun13.072348.14232@jyu.fi> <9657.Jun1316.43.1691@kramden.acf.nyu.edu>
Organization: University of Jyvaskyla, Finland
Lines: 18

In article <9657.Jun1316.43.1691@kramden.acf.nyu.edu> brnstnd@kramden.acf.nyu.edu (Dan Bernstein) writes:
>In the referenced article, Jussi Eloranta presents a patch to telnetd
>meant to stop tty problems under SunOS 4.1.1. Unfortunately, the patch
>doesn't accomplish any more than Sun's patch as announced a while back
>by CERT. Neither patch stops my SunOS 4.1.1 test code, and I don't think
>it's safe to believe that either patch will stop the Dutch hackers for
>long.
>

True. My code expected that the snoop program had the pty as its controlling
terminal but this doesn't need to be true. So not a good patch...

jussi
-- 
============================================================================
Jussi Eloranta               Internet(/Bitnet):    ! The ultimate trip is
University of Jyvaskyla,     eloranta@tukki.jyu.fi !    death.
Finland                      [128.214.7.5]         !  -- Jim Morrison