loginmsg bug
Dag-Erling Smørgrav
des at des.no
Wed Jul 9 20:08:17 EST 2008
Dag-Erling Smørgrav <des at des.no> writes:
> Can loginmsg at this point contain the "Last login" text? That one's
> unsafe since it contains the result of a reverse DNS lookup.
a quick check suggests it can't, and AFAICT the offending code runs in
the unprivileged child, so I really can't see how he exploited it.
Does anybody know what's going on?
DES
--
Dag-Erling Smørgrav - des at des.no
More information about the openssh-unix-dev
mailing list