Bug#4190: moderate security hole in telnetd

To: klee@sedona.com
Cc: submit@bugs.debian.org
Subject: Bug#4190: moderate security hole in telnetd
From: lists@lina.inka.de (Bernd Eckenfels)
Date: Mon, 19 Aug 1996 13:34:35 +0200 (MET DST)
Message-id: <[🔎] m0usSbL-0004jSC@lina>
Reply-to: lists@lina.inka.de (Bernd Eckenfels), 4190@bugs.debian.org
In-reply-to: <[🔎] 199608190506.WAA27619@sauron.sedona.com> from "Klee Dienes" at Aug 18, 96 10:06:42 pm

> A quick workaround is to change envarok() in telnetd/state.c as
> appended.  My guess is that only telnetd needs to be changed for now,
> as neither rlogin nor rsh (if I remember correctly) allow the client
> to pass in environment variables.

Is this environment variable sourced for SUID/SGID programs, too? If yes,
there can be situations where ppl can fake address/name mappings which would
be otherwise trusted (cause they ae in /etc/hosts). Removing that feature
sounds like the best solution....

Greetings
bernd

Reply to:

Follow-Ups:
- Bug#4190: moderate security hole in telnetd
  - From: Miquel van Smoorenburg <miquels@cistron.nl>

References:
- Bug#4190: moderate security hole in telnetd
  - From: Klee Dienes <klee@sedona.com>

Prev by Date: Perl `pod' documentation should be in /usr/doc or not installed
Next by Date: Re: Packaging questions (newbie)
Previous by thread: Bug#4190: moderate security hole in telnetd
Next by thread: Bug#4190: moderate security hole in telnetd
Index(es):
- Date
- Thread