Some relevant discussion:
http://archives.neohapsis.com/archives/linux/lsap/2001-q1/0067.html
>> After reading the code, ... utempter
>> allow for setting arbitrary ut_host's.
>
> Hm, version 0.5 which is what we're using has this:
>
> if (!getuid()) {
> host = argv[3]; /* either NUL
Searching for previous references for this issue, I found:
https://github.com/keithw/mosh/pull/219
To top it all off: I actually believe libutempter to be a security
/bug/ by its very design, as it allows untrusted code to spoof
hostnames into utmp ...
so may have been a "known issue". (Onl