Re: tcpd -DPARANOID doesn't work, and never did

From: Chip Christian (chipat_private)
Date: Tue Nov 10 1998 - 07:19:39 PST

Next message: William Tiemann: "Re: FoolProof for PC Exploit"

Previous message: Job de Haas: "Vulnerabilities with Swish"
Maybe in reply to: D. J. Bernstein: "tcpd -DPARANOID doesn't work, and never did"
Next in thread: Darren Reed: "Re: tcpd -DPARANOID doesn't work, and never did"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

wietseat_private said:
> (4) some other application, not tcpd, does address->name lookup
>     and uses the result for "authentication" purposes.

A number of years back smb pointed out the folly of r_cmds.c using #4
alone for authentication, so having the source for SunOS we were able to
patch in #1-2 long before Sun got around to it.  I hope that nobody ships
code like that anymore.  This had nothing to do with TTL, of course.  And
rshd that uses 1+2 should also be not vulnerable to a TTL attack.  Cache
poisoning was also pointed out and fixed probably as many years ago, also
thanks to smb if I recall correctly.

> (1) tcpd does address->name lookup, to find out the client
>     hostname.
> (2) tcpd does name->address lookup, to find out the client
>     address list.
> (3) if there is a discrepancy, tcpd drops the connection.

Next message: William Tiemann: "Re: FoolProof for PC Exploit"
Previous message: Job de Haas: "Vulnerabilities with Swish"
Maybe in reply to: D. J. Bernstein: "tcpd -DPARANOID doesn't work, and never did"
Next in thread: Darren Reed: "Re: tcpd -DPARANOID doesn't work, and never did"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:22:35 PDT