On Mon, 12 Mar 2001, Yotam Rubin wrote:
That is not my understanding of the protocol. Not too long ago, it was
possible to pass via the telnet client a variable that would point towards
a certain shared library (hacked), and the telnetd actually used it, and
enabled to gain remote elevated privileges.
As far as I know (and Yaron, in this case, with his .. I don't know, 12-14
years on Unix), telnet does pass some environment variables to telnetd,
of which some are inherited by the login shell. (of course today it's all
more paranoidically checked).
--Ariel
> Hello Yaron,
>
> Telnet does no such thing, it merely execs some arbitrary program, which in
> our case is login. True, telnetd passes on to login the value of the remote
> host name but it does not set the environment variable independently.
>
> Regards, Yotam Rubin
>
>
> On Sun, Mar 11, 2001 at 09:04:21PM +0200, Yaron Zabary wrote:
> > On Sun, 11 Mar 2001, Boaz Rymland wrote:
> >
> > > Besides, AFAIK, enviroment variables are all shell dependant as they
> > > are created by the shell. Some might be completely standard, like
> > > TERM, but they are all to the mercy of the shell. (Ofcourse, I would
> > > love to be corrected or better rephrased :-) .
> >
> > Actually, telnetd whould probably set the env variable and would exec
> > login, which would inherit it.Then, once login execs the shell (actually
> > passwd's 7th value), it will inherit whatever they (telnetd and login)
> > will set in their env.
> >
> > > Boaz.
> >
> >
> > -- Yaron.
> >
> >
> > =================================================================
> > To unsubscribe, send mail to [EMAIL PROTECTED] with
> > the word "unsubscribe" in the message body, e.g., run the command
> > echo unsubscribe | mail [EMAIL PROTECTED]
> >
>
> =================================================================
> To unsubscribe, send mail to [EMAIL PROTECTED] with
> the word "unsubscribe" in the message body, e.g., run the command
> echo unsubscribe | mail [EMAIL PROTECTED]
>
--
Ariel Biener
e-mail: [EMAIL PROTECTED]
PGP(6.5.8) public key http://www.tau.ac.il/~ariel/pgp.html
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
