Bug#4333: telnetd should be more paranoid about environment
Right now, telnetd checks for a few dangerous environment variables.
I think it should do what telnetd in NetKit-0.08 does: only allow
a few variables which are known to be safe, and don't allow any
others. The problem is that you never know that the list of the
dangerous variables is complete.
For example, we check for ENV, but not for BASH_ENV (mentioned in
the bash man page in one place - GNU creeping featurism strikes
again, argh), and also not for RESOLV_HOST_CONF and a few others.
NetKit-0.08 telnetd only allows DISPLAY, TERM, USER, LOGNAME and
POSIXLY_CORRECT. I think we should do the same (ideally, the list
should be made configurable without recompiling, but that can be