icon-carat-right menu search cmu-wordmark
Carnegie Mellon University

rlogin(1): The Untold Story

Technical Report
By
Members of the CERT/CC have analyzed coding defects with the goal of understanding each well enough to communicate the details to those responsible for fixing them and those responsible for installing their fixes (systems administrators). This report describes everything that members of the CERT/CC have learned and subsequently synthesized from analyzing the rlogin defect.
Publisher

Software Engineering Institute

CMU/SEI Report Number
CMU/SEI-98-TR-017

Abstract

Coding defects account for a significant portion of the reports received by the CERT Coordination Center (CERT/CC). Through in-depth analysis of these reports and generalizing our findings from those analyses, we have begun to create guidelines for mitigation strategies for existing defects and avoidance strategies when coding new software. In this document, we report the results of our analysis of the well-known defect in the rlogin program. We discuss the coding defect in detail, three mitigation strategies devised to remedy the defect, and two avoidance strategies offered as a guide to reducing the instances of similar coding defects in new programs. We end with three design notes aimed at eliminating these defects at the hardware and protocol design level.

SHARE
Download PDF
Cite This Technical Report

Rogers, L. (1998, November 1). rlogin(1): The Untold Story. (Technical Report CMU/SEI-98-TR-017). Retrieved December 22, 2024, from https://insights.sei.cmu.edu/library/rlogin1-the-untold-story/.

@techreport{rogers_1998,
author={Rogers, Lawrence},
title={rlogin(1): The Untold Story},
month={{Nov},
year={{1998},
number={{CMU/SEI-98-TR-017},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://insights.sei.cmu.edu/library/rlogin1-the-untold-story/},
note={Accessed: 2024-Dec-22}
}

Rogers, Lawrence. "rlogin(1): The Untold Story." (CMU/SEI-98-TR-017). Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, November 1, 1998. https://insights.sei.cmu.edu/library/rlogin1-the-untold-story/.

L. Rogers, "rlogin(1): The Untold Story," Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, Technical Report CMU/SEI-98-TR-017, 1-Nov-1998 [Online]. Available: https://insights.sei.cmu.edu/library/rlogin1-the-untold-story/. [Accessed: 22-Dec-2024].

Rogers, Lawrence. "rlogin(1): The Untold Story." (Technical Report CMU/SEI-98-TR-017). Carnegie Mellon University, Software Engineering Institute's Digital Library, Software Engineering Institute, 1 Nov. 1998. https://insights.sei.cmu.edu/library/rlogin1-the-untold-story/. Accessed 22 Dec. 2024.

Rogers, Lawrence. rlogin(1): The Untold Story. CMU/SEI-98-TR-017. Software Engineering Institute. 1998. https://insights.sei.cmu.edu/library/rlogin1-the-untold-story/

Ask a question about this Technical Report