|
|
Log in / Subscribe / Register

Really funny

Really funny

Posted Jan 22, 2026 3:55 UTC (Thu) by wtarreau (subscriber, #51152)
Parent article: Remote authentication bypass in telnetd

That's really funny, because for a long time I had been keeping telnet and rsh running on my local machines because they were convenient and fast. And I remember being shocked when an update to telnet + telnetd allowed to directly pass the username to login(1). This immediately made me want to test if mine was affected by the good old rsh -l -froot from the 90s that I had been using when I was a student, and it was not (I don't remember if it was safe or if it didn't support it yet). It's just that I had been too impatient and needed to wait for the bug to finally come by itself :-) It was well before 2015, I'd say 2009 or 2010 max since it's about when I stopped using that machine as a local server. It's fun how history repeats itself!

There's hardly anything more dangerous than composing a command line by concatenating string elements delimited by spaces, some of which are attacker-controlled. There's almost no way to guarantee no extra argument may be injected in this. Yet it's done in a daemon that's supposed to be used to connect to a machine over the network... And since it's rarely used these days, almost nobody cares to check if anything changed in that code, because surely, "good old telnetd is known for being unbreakable".

to post comments

Really funny

Posted Jan 22, 2026 7:24 UTC (Thu) by epa (subscriber, #39769) [Link] (1 responses)

I wanted the speed of rsh or telnet on my 386SX, for connecting over the local network, but I knew that the code was of poor quality compared to ssh, so I patched ssh to add a “none” cipher for unencrypted communication.

Really funny

Posted Jan 27, 2026 3:20 UTC (Tue) by gdt (subscriber, #6284) [Link]

SSH with no encryption is popular for high-speed long-distance file transfers in some science disciplines. These large transfers are typically of science sensor output, which for Big Science is random-appearing data until it is crunched by some $millions of supercomputer into a fuzzy pixel. Whilst the data is not encrypted, the sensor output does meet some attributes of encrypted data.

To avoid serious user error, the OpenSSH project won't upstream a 'none' encryption option, so a fork of PortableSSH is maintained at github.com/rapier1/hpn-ssh.


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds