For mgetty users with non-trusted shell logins

Gert Doering (gert@greenie.muc.de)
Wed, 27 Jan 1999 22:38:53 +0100


Hi,

On Wed, Jan 27, 1999 at 05:53:14PM +0100, l41484@alfa.ist.utl.pt wrote:
> I've never disbelieved Marc. I was just suggesting some defenses to what
> I thought the vulnerability was. It's just, I was misunderstanding the
> problem, and suggesting a defense which you had suggested a long time ago and
> that I've never read. :-)

Actually, I think the whole thing started on the mgetty list two years
ago.  Then it turned into a discussion between Marc and me, and since
I didn't have any idea how to solve this, Marc did his "rlogin" trick,
and fell silent.  A couple of weeks ago, it resurfaced, and Marc decided
to actually *warn* people about it...

To my knowledge, nobody had been aware of this exploit, or was even
actively using it.  It needs some evil thinking to figure out *all*
the nasties of this issue...

gert
-- 
Gert Doering
Mobile communications ... right now writing from *AWAY* :-)) 
... mobile phone: +49 177 2160221 ... or mail me:  gert@greenie.muc.de