RE: [unisog] CERTR Advisory CA-2001-34 Buffer Overflow in System V Derived Login

Reg Quinton reggers at ist.uwaterloo.ca
Fri Dec 14 15:55:36 GMT 2001


At http://ist.uwaterloo.ca/~reggers/drafts/login.wrapper I've whipped up
a front-end replacement for /usr/bin/login (in perl) that might help us.
It's brain dead dumb but should protect login enough while we await
vendor fixes.

I've tested on Solaris 8 with telnet and rlogin -- it seems to work
fine.

I'm interested in comments -- good, bad or indifferent.



More information about the unisog mailing list