Bug#689562: utempter: Allows fake host setting
Searching for previous references for this issue, I found:
https://github.com/keithw/mosh/pull/219
To top it all off: I actually believe libutempter to be a security
/bug/ by its very design, as it allows untrusted code to spoof
hostnames into utmp ...
so may have been a "known issue". (Only reference I found, so far.)
Should this broken behaviour be documented, maybe?
Are there any utilities that depend on a correct utmp?
If not, why do we bother updating it?
Cheers, Paul
Paul Szabo psz@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia
Reply to: