[BusyBox] Are telnetd and login save?
Wolfgang Denk
wd at denx.de
Thu Jul 17 12:19:05 UTC 2003
In message <3F168CA6.20209 at imc-berlin.de> you wrote:
>
> I wonder if someone examined the telnetd or login utils that come with
> busy if it's safe?
I think you don't have to worry about telnetd - using telnet in any
application where security is an issue is a security risk in itself.
Remember that telnet transfers passwords in plain text.
> Or if we have to be prepared that someday someone comes up with an
> buffer overflow exploit (or whatever) that allows hin to break in to a
> busybox system (and get root access)?
With telnet this is definitely the case.
Best regards,
Wolfgang Denk
--
Software Engineering: Embedded and Realtime Systems, Embedded Linux
Phone: (+49)-8142-4596-87 Fax: (+49)-8142-4596-88 Email: wd at denx.de
1000 pains = 1 Megahertz
More information about the busybox
mailing list