Re: On OPIE and pam

看板FB_security作者時間13年前 (2012/07/27 17:01), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串4/4 (看更多)
Zak Blacher <zblacher@sandvine.com> writes: > Dag-Erling Sm=C3=B8rgrav <des@des.no> writes: > > OPIE is not compiled into telnetd, and you shouldn't use telnet anyway. > usr.bin/telnet/Makefile:13:CFLAGS+=3D -DKLUDGELINEMODE -DUSE_TERMIO -DENV= HACK -DOPIE \ That's in the client (telnet), not the server (telnetd). The vulnerability is in the verification code, which would only be used on the server: % ldd /usr/libexec/telnetd=20 /usr/libexec/telnetd: libutil.so.9 =3D> /lib/libutil.so.9 (0x80085e000) libncurses.so.8 =3D> /lib/libncurses.so.8 (0x800a6f000) libmp.so.7 =3D> /usr/lib/libmp.so.7 (0x800cbc000) libcrypto.so.6 =3D> /lib/libcrypto.so.6 (0x800ebf000) libcrypt.so.5 =3D> /lib/libcrypt.so.5 (0x80125f000) libpam.so.5 =3D> /usr/lib/libpam.so.5 (0x80147f000) libkrb5.so.10 =3D> /usr/lib/libkrb5.so.10 (0x801687000) libhx509.so.10 =3D> /usr/lib/libhx509.so.10 (0x8018f6000) libasn1.so.10 =3D> /usr/lib/libasn1.so.10 (0x801b36000) libroken.so.10 =3D> /usr/lib/libroken.so.10 (0x801db8000) libcom_err.so.5 =3D> /usr/lib/libcom_err.so.5 (0x801fc9000) libc.so.7 =3D> /lib/libc.so.7 (0x8021cb000) See, no libopie, hence no vulnerability. What -DOPIE does for telnet is add support for running opiekey from the escape prompt. As for ftpd, it has OPIE enabled by default in PAM, and it tries PAM before OPIE, so there is no need for built-in OPIE support. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
更多 des. 的文章
文章代碼(AID): #1G4bZExM (FB_security)
更多 des. 的文章
文章代碼(AID): #1G4bZExM (FB_security)