Simon Josefsson <[email protected]> writes: > Collin Funk <[email protected]> writes: > >> Justin Swartz <[email protected]> writes: >> >>> Greetings, >>> >>> I've identified two bugs in the debugging support provided by >>> telnetd that may be combined to achieve local privilege escalation >>> or arbitrary file corruption. > > Thank you Justin! Keep'em coming. > >> The lack of sanitization is fine. It is only a problem when combined >> with the incorrect behavior of that link being followed. > > I agree. > >> I submitted a pull request to address that [1]. >> [1] https://codeberg.org/inetutils/inetutils/pulls/20 > > I'm not completely opposed to solving it like this, but it feels like a > hack. > > Why are we opening a hard-coded path file like this in the first place? > Couldn't we use syslog for logging here? That's what ftpd --debug uses. > > Did anyone review other telnetd implementations? NetKit, BSD, Solaris, > etc. Is --debug widely and consistently implemented?
It is an Inetutils invention, I believe. I don't love the feature, but I figured my patch was the only way to keep it around mostly as-is in case anyone still uses it. Collin
