
Re: CVS: cvs.openbsd.org: src

I knew about this problem over a year ago.  I bet this fix breaks
the protocol.

Back then, I searched for a way to fix the problem, but I couldn't
find one which didn't change the protocol.

> CVSROOT:	/cvs
> Module name:	src
> Changes by:	millert_(_at_)_cvs_(_dot_)_openbsd_(_dot_)_org	98/07/09 17:54:37
> Modified files:
> 	libexec/rexecd : rexecd.c 
> Log message:
> Don't open stderr channel until after the user has authenticated themselves
> and never open a reserved port.  Fix from www.infilsec.com, credited
> to "The South African Tiger Team".  While we're in here, don't leak
> info about who is a valid user.
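
The ordering the log message describes, as an added sketch in C that is not the rexecd.c change itself: the request is parsed and the credentials checked before any decision about the stderr channel, reserved ports are refused, and every failure returns the same answer. The wire layout (port, user, password, command, each NUL-terminated) follows rexecd(8); the function names, field length limits, the credential check and the reading of "reserved port" as below 1024 are assumptions of this example.

```c
#include <stdlib.h>
#include <string.h>

#define RESERVED_LIMIT 1024 /* same value as IPPORT_RESERVED */

struct rexec_req { long port; const char *user, *pass, *cmd; };

/* Next NUL-terminated field in [*p, end); NULL if unterminated or > max. */
static const char *field(const char **p, const char *end, size_t max)
{
    const char *s = *p, *nul = memchr(s, '\0', (size_t)(end - s));
    if (nul == NULL || (size_t)(nul - s) > max)
        return NULL;
    *p = nul + 1;
    return s;
}

/* Parse "port\0user\0password\0command\0"; 0 on success, -1 if malformed. */
static int parse_req(const char *buf, size_t len, struct rexec_req *r)
{
    const char *p = buf, *end = buf + len, *port = field(&p, end, 5);
    char *stop;
    if (port == NULL)
        return -1;
    r->port = strtol(port, &stop, 10); /* empty string means "no stderr" */
    if (*stop != '\0' || r->port < 0 || r->port > 65535)
        return -1;
    r->user = field(&p, end, 16);
    r->pass = r->user ? field(&p, end, 16) : NULL;
    r->cmd = r->pass ? field(&p, end, 4096) : NULL;
    return r->cmd ? 0 : -1;
}

/* Constructed credential check standing in for the real password lookup. */
static int demo_check(const char *user, const char *pass)
{
    return strcmp(user, "alice") == 0 && strcmp(pass, "s3cret") == 0;
}

/* >0: port for the stderr connection; 0: no stderr channel; -1: refuse. */
long stderr_port_after_auth(const char *buf, size_t len)
{
    struct rexec_req r;
    /* Authenticate before any socket toward the client exists; unknown
     * user and wrong password are indistinguishable to the caller. */
    if (parse_req(buf, len, &r) != 0 || !demo_check(r.user, r.pass))
        return -1;
    return (r.port != 0 && r.port < RESERVED_LIMIT) ? -1 : r.port;
}
```

A caller would create and connect the stderr socket only when the return value is positive, and send one fixed failure message for every -1.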