From opusl@whatmore.Stanford.EDU Fri Jan 23 20:52:52 1998
Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id UAA09460 for <bugs@RT-11.MIT.EDU>; Fri, 23 Jan 1998 20:52:51 -0500
Received: from whatmore.Stanford.EDU by MIT.EDU with SMTP
id AA12390; Fri, 23 Jan 98 20:52:58 EST
Received: (from opusl@localhost)
by whatmore.Stanford.EDU (8.8.8/8.8.8) id RAA29553;
Fri, 23 Jan 1998 17:52:39 -0800 (PST)
Message-Id: <199801240152.RAA29553@whatmore.Stanford.EDU>
Date: Fri, 23 Jan 1998 17:52:39 -0800 (PST)
From: Larry Schwimmer <opusl@whatmore.Stanford.EDU>
To: krb5-bugs@MIT.EDU
Cc: schwim@leland.stanford.edu
Subject: telnetd banners
handle most systems.
telnetd provides no mechanism for customizing the banner.
This is considered a security problem by some administrators who
prefer not to advertise their OS or wish to add an additional banner
message.
1) Add more systems to the ext.h database.
2) Add support for the %i directive (/etc/issue.net); the bulk
of the %i code comes from Linux telnet-netkit-0.10. If
/etc/issue.net exists, it is printed (with % expansion)
instead of the default banner.
--- appl/telnet/telnetd/ext.h.orig Thu Dec 4 19:42:24 1997
+++ appl/telnet/telnetd/ext.h Sat Jan 17 06:53:07 1998
***************
*** 220,241 ****
extern int needtermstat;
#endif
#ifndef DEFAULT_IM
# ifdef CRAY
- # define DEFAULT_IM "\r\n\r\nCray UNICOS (%h) (%t)\r\n\r\r\n\r"
- # else
- # ifdef sun
# ifdef __SVR4
- # define DEFAULT_IM "\r\n\r\nUNIX(r) System V Release 4.0 (%h) (%t)\r\n\r\r\n\r"
- # else
- # define DEFAULT_IM "\r\n\r\nSunOS UNIX (%h) (%t)\r\n\r\r\n\r"
- # endif
- # else
- # ifdef ultrix
- # define DEFAULT_IM "\r\n\r\nULTRIX (%h) (%t)\r\n\r\r\n\r"
# else
- # define DEFAULT_IM "\r\n\r\n4.4 BSD UNIX (%h) (%t)\r\n\r\r\n\r"
# endif
- # endif
# endif
#endif
--- 220,251 ----
extern int needtermstat;
#endif
+ #ifndef ISSUE_FILE
+ #define ISSUE_FILE "/etc/issue.net"
+ #endif
+
#ifndef DEFAULT_IM
# ifdef CRAY
+ # define DEFAULT_IM "%i\r\n\r\nCray UNICOS (%h) (%t)\r\n\r\r\n\r"
+ # elif defined(sun)
# ifdef __SVR4
+ # define DEFAULT_IM "%i\r\n\r\nUNIX(r) System V Release 4.0 (%h) (%t)\r\n\r\r\n\r"
# else
+ # define DEFAULT_IM "%i\r\n\r\nSunOS UNIX (%h) (%t)\r\n\r\r\n\r"
# endif
+ # elif defined(ultrix)
+ # define DEFAULT_IM "%i\r\n\r\nULTRIX (%h) (%t)\r\n\r\r\n\r"
+ # elif defined(sgi)
+ # define DEFAULT_IM "%i\r\n\r\nIRIX (%h) (%t)\r\n\r\r\n\r"
+ # elif defined(_AIX)
+ # define DEFAULT_IM "%i\r\n\r\nAIX (%h) (%t)\r\n\r\r\n\r"
+ # elif defined(__hpux__)
+ # define DEFAULT_IM "%i\r\n\r\nHP-UX (%h) (%t)\r\n\r\r\n\r"
+ # elif defined(__osf__)
+ # define DEFAULT_IM "%i\r\n\r\nDigital UNIX (%h) (%t)\r\n\r\r\n\r"
+ # elif defined(linux)
+ # define DEFAULT_IM "%i\r\n\r\nLinux (%h) (%t)\r\n\r\r\n\r"
+ # else
+ # define DEFAULT_IM "%i\r\n\r\n4.4 BSD UNIX (%h) (%t)\r\n\r\r\n\r"
# endif
#endif
--- appl/telnet/telnetd/utility.c.orig Thu Dec 4 19:42:25 1997
+++ appl/telnet/telnetd/utility.c Sat Jan 17 07:01:08 1998
***************
*** 35,40 ****
#define PRINTOPTIONS
#include "telnetd.h"
/*
* utility functions performing io related tasks
--- 35,41 ----
#define PRINTOPTIONS
#include "telnetd.h"
+ #include <sys/utsname.h>
/*
* utility functions performing io related tasks
***************
*** 374,379 ****
}
char editedhost[32];
void
edithost(pat, host)
--- 375,381 ----
}
char editedhost[32];
+ struct utsname kerninfo;
void
edithost(pat, host)
***************
*** 382,387 ****
{
register char *res = editedhost;
if (!pat)
pat = "";
while (*pat) {
--- 384,391 ----
{
register char *res = editedhost;
+ uname(&kerninfo);
+
if (!pat)
pat = "";
while (*pat) {
***************
*** 449,455 ****
time_t t;
char db[100];
- putlocation = where;
while (*cp) {
if (*cp != '%') {
--- 453,460 ----
time_t t;
char db[100];
+ if (where)
+ putlocation = where;
while (*cp) {
if (*cp != '%') {
***************
*** 483,488 ****
case '%':
putchr('%');
break;
}
cp++;
--- 488,542 ----
case '%':
putchr('%');
+ break;
+
+ case 'i':
+ {
+ char buff[3];
+ FILE *fp;
+ int p, c;
+
+ if ((fp = fopen(ISSUE_FILE, "r")) == NULL)
+ break;
+ p = '\n';
+ while ((c = fgetc(fp)) != EOF) {
+ if (p == '\n' && c == '#') {
+ do {
+ c = fgetc(fp);
+ } while (c != EOF && c != '\n');
+ continue;
+ } else if (c == '%') {
+ buff[0] = c;
+ c = fgetc(fp);
+ if (c == EOF) break;
+ buff[1] = c;
+ buff[2] = '\0';
+ putf(buff, NULL);
+ } else {
+ if (c == '\n') putchr('\r');
+ putchr(c);
+ p = c;
+ }
+ };
+ (void) fclose(fp);
+ }
+ return; /* ignore remainder of the banner string */
+ /*NOTREACHED*/
+
+ case 's':
+ putstr(kerninfo.sysname);
+ break;
+
+ case 'm':
+ putstr(kerninfo.machine);
+ break;
+
+ case 'r':
+ putstr(kerninfo.release);
+ break;
+
+ case 'v':
+ putstr(kerninfo.version);
break;
}
cp++;
Responsible-Changed-From-To: gnats-admin->tlyu
Responsible-Changed-By: tlyu
Responsible-Changed-When: Thu Feb 19 17:55:43 1998
Responsible-Changed-Why:
Refiled
State-Changed-From-To: open-analyzed
State-Changed-By: tlyu
State-Changed-When: Thu Feb 19 17:56:18 1998
State-Changed-Why:
We might already have a fix for this... need to verify that Ted might
have already incorporated substantially similar changes.
State-Changed-From-To: analyzed-closed
State-Changed-By: raeburn
State-Changed-When: Fri Sep 14 10:41:40 2001
State-Changed-Why:
No banner any more, so no defaults.
Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id UAA09460 for <bugs@RT-11.MIT.EDU>; Fri, 23 Jan 1998 20:52:51 -0500
Received: from whatmore.Stanford.EDU by MIT.EDU with SMTP
id AA12390; Fri, 23 Jan 98 20:52:58 EST
Received: (from opusl@localhost)
by whatmore.Stanford.EDU (8.8.8/8.8.8) id RAA29553;
Fri, 23 Jan 1998 17:52:39 -0800 (PST)
Message-Id: <199801240152.RAA29553@whatmore.Stanford.EDU>
Date: Fri, 23 Jan 1998 17:52:39 -0800 (PST)
From: Larry Schwimmer <opusl@whatmore.Stanford.EDU>
To: krb5-bugs@MIT.EDU
Cc: schwim@leland.stanford.edu
Subject: telnetd banners
Show quoted text
>Number: 535
>Category: telnet
>Synopsis: telnetd banners
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: tlyu
>State: closed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Fri Jan 23 20:53:01 EST 1998
>Last-Modified: Fri Sep 14 10:42:00 EDT 2001
>Originator: Larry Schwimmer
>Organization:
>Release:
>Environment:
Solaris, HP-UX, Linux, AIX, IRIX, DUNIX>Category: telnet
>Synopsis: telnetd banners
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: tlyu
>State: closed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Fri Jan 23 20:53:01 EST 1998
>Last-Modified: Fri Sep 14 10:42:00 EDT 2001
>Originator: Larry Schwimmer
>Organization:
>Release:
>Environment:
Show quoted text
>Description:
The banner defaults in appl/telnet/telnetd/ext.h do nothandle most systems.
telnetd provides no mechanism for customizing the banner.
This is considered a security problem by some administrators who
prefer not to advertise their OS or wish to add an additional banner
message.
Show quoted text
>How-To-Repeat:
>Fix:
This patch to ext.h and utility.c makes two changes:>Fix:
1) Add more systems to the ext.h database.
2) Add support for the %i directive (/etc/issue.net); the bulk
of the %i code comes from Linux telnet-netkit-0.10. If
/etc/issue.net exists, it is printed (with % expansion)
instead of the default banner.
--- appl/telnet/telnetd/ext.h.orig Thu Dec 4 19:42:24 1997
+++ appl/telnet/telnetd/ext.h Sat Jan 17 06:53:07 1998
***************
*** 220,241 ****
extern int needtermstat;
#endif
#ifndef DEFAULT_IM
# ifdef CRAY
- # define DEFAULT_IM "\r\n\r\nCray UNICOS (%h) (%t)\r\n\r\r\n\r"
- # else
- # ifdef sun
# ifdef __SVR4
- # define DEFAULT_IM "\r\n\r\nUNIX(r) System V Release 4.0 (%h) (%t)\r\n\r\r\n\r"
- # else
- # define DEFAULT_IM "\r\n\r\nSunOS UNIX (%h) (%t)\r\n\r\r\n\r"
- # endif
- # else
- # ifdef ultrix
- # define DEFAULT_IM "\r\n\r\nULTRIX (%h) (%t)\r\n\r\r\n\r"
# else
- # define DEFAULT_IM "\r\n\r\n4.4 BSD UNIX (%h) (%t)\r\n\r\r\n\r"
# endif
- # endif
# endif
#endif
--- 220,251 ----
extern int needtermstat;
#endif
+ #ifndef ISSUE_FILE
+ #define ISSUE_FILE "/etc/issue.net"
+ #endif
+
#ifndef DEFAULT_IM
# ifdef CRAY
+ # define DEFAULT_IM "%i\r\n\r\nCray UNICOS (%h) (%t)\r\n\r\r\n\r"
+ # elif defined(sun)
# ifdef __SVR4
+ # define DEFAULT_IM "%i\r\n\r\nUNIX(r) System V Release 4.0 (%h) (%t)\r\n\r\r\n\r"
# else
+ # define DEFAULT_IM "%i\r\n\r\nSunOS UNIX (%h) (%t)\r\n\r\r\n\r"
# endif
+ # elif defined(ultrix)
+ # define DEFAULT_IM "%i\r\n\r\nULTRIX (%h) (%t)\r\n\r\r\n\r"
+ # elif defined(sgi)
+ # define DEFAULT_IM "%i\r\n\r\nIRIX (%h) (%t)\r\n\r\r\n\r"
+ # elif defined(_AIX)
+ # define DEFAULT_IM "%i\r\n\r\nAIX (%h) (%t)\r\n\r\r\n\r"
+ # elif defined(__hpux__)
+ # define DEFAULT_IM "%i\r\n\r\nHP-UX (%h) (%t)\r\n\r\r\n\r"
+ # elif defined(__osf__)
+ # define DEFAULT_IM "%i\r\n\r\nDigital UNIX (%h) (%t)\r\n\r\r\n\r"
+ # elif defined(linux)
+ # define DEFAULT_IM "%i\r\n\r\nLinux (%h) (%t)\r\n\r\r\n\r"
+ # else
+ # define DEFAULT_IM "%i\r\n\r\n4.4 BSD UNIX (%h) (%t)\r\n\r\r\n\r"
# endif
#endif
--- appl/telnet/telnetd/utility.c.orig Thu Dec 4 19:42:25 1997
+++ appl/telnet/telnetd/utility.c Sat Jan 17 07:01:08 1998
***************
*** 35,40 ****
#define PRINTOPTIONS
#include "telnetd.h"
/*
* utility functions performing io related tasks
--- 35,41 ----
#define PRINTOPTIONS
#include "telnetd.h"
+ #include <sys/utsname.h>
/*
* utility functions performing io related tasks
***************
*** 374,379 ****
}
char editedhost[32];
void
edithost(pat, host)
--- 375,381 ----
}
char editedhost[32];
+ struct utsname kerninfo;
void
edithost(pat, host)
***************
*** 382,387 ****
{
register char *res = editedhost;
if (!pat)
pat = "";
while (*pat) {
--- 384,391 ----
{
register char *res = editedhost;
+ uname(&kerninfo);
+
if (!pat)
pat = "";
while (*pat) {
***************
*** 449,455 ****
time_t t;
char db[100];
- putlocation = where;
while (*cp) {
if (*cp != '%') {
--- 453,460 ----
time_t t;
char db[100];
+ if (where)
+ putlocation = where;
while (*cp) {
if (*cp != '%') {
***************
*** 483,488 ****
case '%':
putchr('%');
break;
}
cp++;
--- 488,542 ----
case '%':
putchr('%');
+ break;
+
+ case 'i':
+ {
+ char buff[3];
+ FILE *fp;
+ int p, c;
+
+ if ((fp = fopen(ISSUE_FILE, "r")) == NULL)
+ break;
+ p = '\n';
+ while ((c = fgetc(fp)) != EOF) {
+ if (p == '\n' && c == '#') {
+ do {
+ c = fgetc(fp);
+ } while (c != EOF && c != '\n');
+ continue;
+ } else if (c == '%') {
+ buff[0] = c;
+ c = fgetc(fp);
+ if (c == EOF) break;
+ buff[1] = c;
+ buff[2] = '\0';
+ putf(buff, NULL);
+ } else {
+ if (c == '\n') putchr('\r');
+ putchr(c);
+ p = c;
+ }
+ };
+ (void) fclose(fp);
+ }
+ return; /* ignore remainder of the banner string */
+ /*NOTREACHED*/
+
+ case 's':
+ putstr(kerninfo.sysname);
+ break;
+
+ case 'm':
+ putstr(kerninfo.machine);
+ break;
+
+ case 'r':
+ putstr(kerninfo.release);
+ break;
+
+ case 'v':
+ putstr(kerninfo.version);
break;
}
cp++;
Show quoted text
>Audit-Trail:
Responsible-Changed-From-To: gnats-admin->tlyu
Responsible-Changed-By: tlyu
Responsible-Changed-When: Thu Feb 19 17:55:43 1998
Responsible-Changed-Why:
Refiled
State-Changed-From-To: open-analyzed
State-Changed-By: tlyu
State-Changed-When: Thu Feb 19 17:56:18 1998
State-Changed-Why:
We might already have a fix for this... need to verify that Ted might
have already incorporated substantially similar changes.
State-Changed-From-To: analyzed-closed
State-Changed-By: raeburn
State-Changed-When: Fri Sep 14 10:41:40 2001
State-Changed-Why:
No banner any more, so no defaults.
Show quoted text
>Unformatted: