On Sun, Dec 16, 2018 at 10:33:25AM -0500, Greg Troxel wrote: > Taylor R Campbell <campbell+netbsd-tech-userle...@mumble.net> writes: > > > Given that a large fraction of respondents (though not all) indicated > > that their primary use of telnet is to test reachability of a server > > or manually enter SMTP or HTTP requests over the internet -- a use > > which is adequately served by the much smaller and much more > > confidence-inspiring usr.bin/nc -- I think this _does_ constitute a > > serious danger that warrants the scrutiny it is getting. > > > > [*] Whether it can lead to arbitrary code execution, I don't know, and > > I'm not interested in studying further to find out; it doesn't > > take much to get arbitrary code execution, like a single null byte > > heap buffer overflow: > > > > https://googleprojectzero.blogspot.com/2014/08/the-poisoned-nul-byte-2014-edition.html > > If somebody knows the details of such a bug and wants to fix it, that > seems uncontroversial. But we don't seem to be talking about that.
https://mail-index.netbsd.org/source-changes/2018/12/12/msg101400.html It being so trivial is embarrassing and a sign someone should have long ago stepped in and made sense of the code.
