Hello Ariel,
Apparently, telnetd _DOES_ set the REMOTEHOST variable.
It appears that my login program does the same thing. Did anyone check his
login? In addition to this, telnetd passes on the address of its client via
login's -h argument and enables the -p argument, which orders login to preserve
the environment.
Regards, Yotam Rubin
On Mon, Mar 12, 2001 at 03:48:56AM +0200, Ariel Biener wrote:
>
>
> That is not my understanding of the protocol. Not too long ago, it was
> possible to pass via the telnet client a variable that would point towards
> a certain shared library (hacked), and the telnetd actually used it, and
> enabled to gain remote elevated privileges.
>
> As far as I know (and Yaron, in this case, with his .. I don't know, 12-14
> years on Unix), telnet does pass some environment variables to telnetd,
> of which some are inherited by the login shell. (of course today it's all
> more paranoidically checked).
>
>
> --Ariel
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
