dragora/patches/inetutils/0020-telnetd-Scrub-USER-from-environment.patch

From e971f2bdfab2465d9f86cf092ce3ab8ba05e57c9 Mon Sep 17 00:00:00 2001
From: Mats Erik Andersson <gnu@gisladisker.se>
Date: Fri, 24 Feb 2017 00:02:14 +0100
Subject: [PATCH 20/60] telnetd: Scrub USER from environment.

Avoid conflicting user identity by forgetting whatever
the serving host considers to be the process owner.
---
 ChangeLog         | 11 +++++++++++
 telnetd/telnetd.c |  8 ++++++++
 2 files changed, 19 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index f0289780..8c95a08f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+2017-02-23  Mats Erik Andersson  <gnu@gisladisker.se>
+
+	telnetd: Scrub USER from environment.
+	Discard the environment variable USER.  It will later be set
+	properly for autologin, but at least one BSD system passes
+	a preset value when telnetd starts, a value which will cause
+	rejected login when autologin is not in effect.
+
+	* telnetd/telnetd.c (telnetd_setup): Unset environment
+	variable USER before calling getterminaltype().
+
 2016-05-23  Mats Erik Andersson  <gnu@gisladisker.se>
 
 	hostname: Avoid a trailing space.
diff --git a/telnetd/telnetd.c b/telnetd/telnetd.c
index 0bf102ac..b7c57dd2 100644
--- a/telnetd/telnetd.c
+++ b/telnetd/telnetd.c
@@ -504,6 +504,14 @@ telnetd_setup (int fd)
 
   io_setup ();
 
+  /* Before doing anything related to the identity of the client,
+   * scrub the environment variable USER, since it may be set with
+   * an irrelevant user name at this point.  OpenBSD has been known
+   * to offend at this point with their own inetd.  Any demand for
+   * autologin will get attention in getterminaltype().
+   */
+  unsetenv ("USER");
+
   /* get terminal type. */
   uname[0] = 0;
   level = getterminaltype (uname, sizeof (uname));
-- 
2.26.0.292.g33ef6b2f38