[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#3008: Telnetd sets wrong USER (funny side effects)

Package: netstd
Version: 2.03-1

Telnetd sets the USER environment variable to the first given loginname,
even if it is incorrect. Some programs then use this USER as the
username, for example tin in outgoing postings. This is undesireable.

One of our customers is root on another system. He usually logs in to
our system with telnet (as root on his system). He uses Solaris, and
Solaris tries an auto-login with telnet (just like "telnet -l user system").
Ofcourse the root-login attempt fails and he then logs in under his own name.

However at this point the USER variable is set to "root". This person
posted some very dubious articles in even more dubious newsgroups
and the From: header said "root@cistron.nl". Euh....

  Miquel van    | Cistron Internet Services   --    Alphen aan den Rijn.
  Smoorenburg,  | mailto:info@cistron.nl          http://www.cistron.nl/
miquels@het.net | Tel: +31-172-419445 (Voice) 430979 (Fax) 442580 (Data)

Reply to: