The issue is that the kernel's pty structures get corrupted if the master side of a pty is opened and then closed without the slave side having been opened. This can happen with telnetd in various error cases. The workaround is to arrange for the slave side to be opened just before telnetd exits in those cases.
Also includes a few other changes for safety, e.g. making the child exit via QuitGS rather than exit() or _exit().
The vfork_and_run() routine is based on code from my port of hush.
This was generally resolved by adding extra unused parameters to functions, to standardize their signature to what their pointer was being cast to.
This should avoid issues of possible stack corruption due to the ORCA/C calling convention.
In particular, address a couple instances where GNO's sockets implementation doesn't comply with modern standards.
Also, add a few missing prototypes so we can use ORCA/C prototype-checking lint functionality.
*New makefile
*Refer to local versions of telnet-related headers, rather than system ones
*Use termcap instead of termios
*Change hostname lookup in telnetd back to older code (which assumes IPv4, but that's all GNO supports anyway)
This implements part of RFC-2217
It's based off a patch originally written by Sujal Patel at Isilon, and
contributions from other Isilon employees.
PR: 173728
Phabric: D995
Reviewed by: markj, markm
MFC after: 2 weeks
Sponsored by: EMC / Isilon Storage Division
git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@274364 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
The "automatic" login feature is described as follows:
The USER environment variable holds the name of the person telnetting in.
This is the username of the person on the client machine. The traditional
behaviour is to execute login(1) with this username first, meaning that
login(1) will prompt for the password only. If login fails, login(1) will
retry, but now prompt for the username before prompting for the password.
This feature got broken by how the environment got scrubbed. Before the
change in r69825 we removed variables that we deemed dangerous. Starting
with r69825 we only keep those variable we know to be safe.
The USER environment variable fell through the cracks. It suddenly got
scrubbed (i.e. removed from the environment) while still being checked
for. It also got explicitly removed from the environment to handle the
failed login case.
The fix is to obtain the value of the USER environment variable before
we scrub the environment and used the "cached" in subsequent checks.
This guarantees that the environment does not contain the USER variable
in the end, while still being able to implement "automatic" login.
Obtained from: Juniper Networks, Inc.
git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@251188 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
Add an API for alerting internal libc routines to the presence of
"unsafe" paths post-chroot, and use it in ftpd. [11:07]
Fix a buffer overflow in telnetd. [11:08]
Make pam_ssh ignore unpassphrased keys unless the "nullok" option is
specified. [11:09]
Add sanity checking of service names in pam_start. [11:10]
Approved by: so (cperciva)
Approved by: re (bz)
Security: FreeBSD-SA-11:06.bind
Security: FreeBSD-SA-11:07.chroot
Security: FreeBSD-SA-11:08.telnetd
Security: FreeBSD-SA-11:09.pam_ssh
Security: FreeBSD-SA-11:10.pam
git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@228843 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
Instead of catching SIGPIPE and jumping out of the signal handler with
longjmp, ignore it and handle write errors to the local output by exiting
from there. I have changed the error message to mention the local output
instead of NetBSD's wrong "Connection closed by foreign host". Write errors
to the network were already handled by exiting immediately and this now
applies to EPIPE too.
The code assumed that SIGPIPE could only be generated by the network
connection; if it was generated by the local output, it would longjmp out of
the signal handler and write an error message which caused another SIGPIPE.
PR: 19773
Obtained from: NetBSD
MFC after: 1 week
git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@207449 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
Just like rlogind, there is no need to change the ownership of the
terminal during shutdown anymore. Also don't call logwtmp, because the
login(1)/PAM is responsible for doing this. Also use SHUT_RDWR instead
of 2.
git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@202212 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
