
Bug#3008: Telnetd sets wrong USER (funny side effects)



Miquel van Smoorenburg wrote:
> Package: netstd
> Version: 2.03-1
>
> Telnetd sets the USER environment variable to the first given loginname,
> even if it is incorrect. Some programs then use this USER as the
> username, for example tin in outgoing postings. This is undesirable.
>
> One of our customers is root on another system. He usually logs in to
> our system with telnet (as root on his system). He uses Solaris, and
> Solaris tries an auto-login with telnet (just like "telnet -l user system").
> Of course the root-login attempt fails and he then logs in under his own name.
>
> However at this point the USER variable is set to "root". This person
> posted some very dubious articles in even more dubious newsgroups
> and the From: header said "root@cistron.nl". Euh....

IMHO there is not much I can do. The "autologin" feature (-a and -l)
works like this ("user" is set by the -a or -l option):

    if (autologin && user == NULL) {
        struct passwd *pw;

        user = getenv("USER");
        if (user == NULL ||
            (pw = getpwnam(user)) && pw->pw_uid != getuid()) {
                if (pw = getpwuid(getuid()))
                        user = pw->pw_name;
                else
                        user = NULL;
        }
    }
    if (user) {
        env_define((unsigned char *)"USER", (unsigned char *)user);
        env_export((unsigned char *)"USER");
    }


As you can see it simply takes the user name and exports it if
using autologin. At this point "telnet" doesn't know if USER
is set correctly.
Telnetd on the other side just gets a "telnet" connection from
the client with the order to set USER to the given name. Telnetd
now prepares the environment and passes it to /bin/login (note:
telnetd can't check if USER is set correctly, because /bin/login
does the user authentication). If you use "telnet -l root hostname"
for example telnetd sets USER=root and starts /bin/login (passing
USER to it). The problem is that /bin/login never returns to telnetd
so telnetd doesn't know if it was a successful login or not and
/bin/login doesn't modify USER.

IMHO the only solution to the problem would be to add a

  setenv("USER", pwd->pw_name, 1);

to the login program. The source already sets USER like this on
non-Linux platforms.


Thanks,

Peter

PS: If there are no objections I'll reassign the bug to the
    login package.

--
 Peter Tobias                                EMail:
 Fachhochschule Ostfriesland                 tobias@et-inf.fho-emden.de
 Fachbereich Elektrotechnik und Informatik   tobias@debian.org
 Constantiaplatz 4, 26723 Emden, Germany
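
The fix proposed in the message above, as an added example that is not part of the original message or of the login source: a self-contained C sketch showing USER as handed over by telnetd surviving a later login under another name, and being replaced once login overwrites it from the authenticated passwd entry. The names `login_finish`, `from_header` and `demo_from` are hypothetical, and the account "alice" and the domain "example.org" are constructed sample values.

```c
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the end of login, after `pwd` has authenticated.
 * fix == 0: USER is left as telnetd passed it (the reported behaviour).
 * fix == 1: USER is overwritten from the authenticated passwd entry. */
static int login_finish(const struct passwd *pwd, int fix)
{
    if (pwd == NULL || pwd->pw_name == NULL || pwd->pw_name[0] == '\0')
        return -1;
    if (!fix)
        return 0;
    if (setenv("USER", pwd->pw_name, 1) != 0) {
        unsetenv("USER");   /* never keep the unauthenticated value */
        return -1;
    }
    return 0;
}

/* A program that trusts USER, like the news posting in the report. */
static const char *from_header(char *buf, size_t len, const char *domain)
{
    const char *user = getenv("USER");
    snprintf(buf, len, "%s@%s", user ? user : "unknown", domain);
    return buf;
}

/* Constructed session: autologin offered "root" and failed, then the
 * person logged in as "alice". Returns the From: address a USER-trusting
 * program would produce afterwards. */
static const char *demo_from(int fix)
{
    static char buf[64];
    struct passwd alice = { .pw_name = "alice", .pw_uid = 1000 };
    setenv("USER", "root", 1);   /* name sent by the client's autologin */
    if (login_finish(&alice, fix) != 0)
        return NULL;
    return from_header(buf, sizeof buf, "example.org");
}

int main(void)
{
    printf("login leaves USER alone: %s\n", demo_from(0));
    printf("login overwrites USER:   %s\n", demo_from(1));
    return 0;
}
```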

