[BusyBox] Are telnetd and login save?
Steven Scholz
steven.scholz at imc-berlin.de
Thu Jul 17 12:48:04 UTC 2003
Wolfgang Denk wrote:
> In message <3F168CA6.20209 at imc-berlin.de> you wrote:
>
>>I wonder if someone examined the telnetd or login utils that come with
>> busy if it's safe?
>
> I think you don't have to worry about telnetd - using telnet in any
> application where security is an issue is a security risk in itself.
>
> Remember that telnet transfers passwords in plain text.
I know.
>
>>Or if we have to be prepared that someday someone comes up with an
>>buffer overflow exploit (or whatever) that allows hin to break in to a
>>busybox system (and get root access)?
>
>
> With telnet this is definitely the case.
Why? I thought if you're carefully checking lenght and size of
incomming packets before processing them you're safe? Am I wrong?
Steven
More information about the busybox
mailing list