getty-ps 2.1.0b for linux 2.2 and higher 16-Apr-2004 (This *should* work with Linux 1.0.x, but I don't have a test system...) Hello, everyone! For those of you new to getty-ps, please allow me to introduce myself. I am Christine Jamison, and I am the current maintainer of getty-ps. A new release of getty-ps is now available. There are no new features in this release, as it is an emergency release, for a reported security bug, CERT VU#342768. This problem has also been reported as SecurityFocus BID #2194, and CVE-2001-0119. The problem occurs *ONLY* when getty_ps (getty or uugetty) is put in "debug work file mode" (either "#define SYSLOG" or "#define SYSLOG_DEBUG" is *NOT* present, and Debug > 0), which should *NEVER* be done in production! Current versions (2.0.8 and above) come with getty/uugetty *not* configured this way by default. However, if it *should* get configured this way inadvertantly, then this security bug would come out. Please see the Change Log for the details of the bug. I expect to have a new release out in this summer (2004) with some really nice new features! Also, I have found several areas that I are not talked about in the documentation, so I will be adding to the documentation as well. This release is *MANDITORY*, to fix the security bug reported above. (But, for the bug to be in production, somone would have to be not paying attention! But, a security bug is a security bug....) Again, if you have been having problems with *any* previous release, I strongly urge you to upgrade. This release is upward compatible with all previous releases. For those of you who are unfamiliar with getty_ps, here are some of its features: * A versatile config file allows modems to be initialized with a chat script similar to that used in uucp. * Modems can be used as bi-directional lines. Getty will monitor a tty port and reset when another program frees the line. * Modems can be set up in "ringback" mode. Ringback is a special way of answering a modem call. When in ringback mode, getty will only answer the line when the phone rings once or twice followed by a brief delay, and then rings again. This allows a single phone line to be used for data and voice calls. * Getty can be scheduled to be "on" and "off" during specified time periods, allowing access to be restricted to certain times (this option _finally_ works with timezones and daylight savings time). * Fidonet mailers are supported (the ifmail package is required to take advantage of this feature). I am late with the upcoming release, as I have been working on other projects, and honing my C skills! How often more than that releases are made depends mostly on what problems I find and features I decide to add. I have all the (published) notes from Kris, but sugestions from users would be most appreciated. So, if you have any specific features you would like to see, let me know! A last comment about version IDs. The way I will be assigning version IDs is as follows: X.Y.Z, followed by an optional letter. If an important patch needs to get out, then I will use the optional trailing letter. All patches will be cumulative (so that 2.0.9d includes the patches in 2.0.9a thru 2.0.9c, *plus* 2.0.9d). The next release will include all patches from the previous release (that is, 2.0.10 will be 2.0.9, *plus* 2.0.9a thru 2.0.9d, *plus* whatever I was *planning* to put out in 2.0.10!) The expected progression of code and features will just increment the last number. If major code changes are done (but still upward compatable), then the middle number will be incremented. The first number will be incremented *only* if a change occurs that makes the code *not* completely upward compatable (like the format of a configuration file changes). As always, if you have any problems with or questions about this software, I would be happy to hear from you! I *always* return e-mails, but not always as soon as I would like! Christine Jamison