Searching for previous references for this issue, I found:

https://github.com/keithw/mosh/pull/219
  To top it all off: I actually believe libutempter to be a security
  /bug/ by its very design, as it allows untrusted code to spoof
  hostnames into utmp ...

so may have been a "known issue". (Only reference I found, so far.)

Should this broken behaviour be documented, maybe?

Are there any utilities that depend on a correct utmp?
If not, why do we bother updating it?

Cheers, Paul

Paul Szabo   [email protected]   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia


-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to