On Sun, Mar 06, 2005 at 10:19:08PM -0800, Joey Hess wrote: > Matt Zimmerman wrote: > > I'm more than willing to consider telnetd a legacy, insecure-by-design > > component for which it is justified to require a non-default configuration. > > <shrug>, my multiple uses of telnetd are all secure. :-P
I just noticed that telnetd contains its own setuid login program, executable only by group telnetd, so not even telnetd needs a suid /bin/login. -- - mdz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
