Bug#4190: moderate security hole in telnetd
> A quick workaround is to change envarok() in telnetd/state.c as
> appended. My guess is that only telnetd needs to be changed for now,
> as neither rlogin nor rsh (if I remember correctly) allow the client
> to pass in environment variables.
Is this environment variable sourced for SUID/SGID programs, too? If yes,
there can be situations where ppl can fake address/name mappings which would
be otherwise trusted (cause they ae in /etc/hosts). Removing that feature
sounds like the best solution....
Greetings
bernd
Reply to: