Vendor comments on plan to remove telnet, ftp and eventually appl/bsd

Russ Allbery rra at
Mon Jul 22 21:04:01 EDT 2002

Jeffrey Altman <jaltman at> writes:

>> I think there's been... one?  None?  klogind advisories over the same
>> period of time that has seen at least five serious remotely-exploitable
>> sshd holes.

>> Whether that's because fewer people care or because the program is
>> simpler, I have no idea, and frankly don't particularly care.  It
>> translates into fewer exploits.

> The same could be said of telnet.  Its simpler and has less
> functionality.  Therefore, it should be easier to secure.

True, although telnet option negotiation makes it more complex than
klogind, and again this is reflected in the number of security advisories:
I remember at least one remote hole in the Kerberos telnetd, and I'm still
having a hard time remembering any klogind holes, at least recently.

Russ Allbery (rra at             <>

More information about the krbdev mailing list