Collin Funk <[email protected]> writes:

> Justin Swartz <[email protected]> writes:
>
>> Greetings,
>>
>> I've identified two bugs in the debugging support provided by
>> telnetd that may be combined to achieve local privilege escalation
>> or arbitrary file corruption.

Thank you Justin! Keep 'em coming.

> The lack of sanitization is fine. It is only a problem when combined
> with the incorrect behavior of that link being followed.

I agree.

> I submitted a pull request to address that [1].
> [1] https://codeberg.org/inetutils/inetutils/pulls/20

I'm not completely opposed to solving it like this, but it feels like a hack. Why are we opening a hard-coded path file like this in the first place? Couldn't we use syslog for logging here? That's what ftpd --debug uses.

Did anyone review other telnetd implementations? NetKit, BSD, Solaris, etc. Is --debug widely and consistently implemented?

/Simon
