123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354 |
- From e971f2bdfab2465d9f86cf092ce3ab8ba05e57c9 Mon Sep 17 00:00:00 2001
- From: Mats Erik Andersson <gnu@gisladisker.se>
- Date: Fri, 24 Feb 2017 00:02:14 +0100
- Subject: [PATCH 20/60] telnetd: Scrub USER from environment.
- Avoid conflicting user identity by forgetting whatever
- the serving host considers to be the process owner.
- ---
- ChangeLog | 11 +++++++++++
- telnetd/telnetd.c | 8 ++++++++
- 2 files changed, 19 insertions(+)
- diff --git a/ChangeLog b/ChangeLog
- index f0289780..8c95a08f 100644
- --- a/ChangeLog
- +++ b/ChangeLog
- @@ -1,3 +1,14 @@
- +2017-02-23 Mats Erik Andersson <gnu@gisladisker.se>
- +
- + telnetd: Scrub USER from environment.
- + Discard the environment variable USER. It will later be set
- + properly for autologin, but at least one BSD system passes
- + a preset value when telnetd starts, a value which will cause
- + rejected login when autologin is not in effect.
- +
- + * telnetd/telnetd.c (telnetd_setup): Unset environment
- + variable USER before calling getterminaltype().
- +
- 2016-05-23 Mats Erik Andersson <gnu@gisladisker.se>
-
- hostname: Avoid a trailing space.
- diff --git a/telnetd/telnetd.c b/telnetd/telnetd.c
- index 0bf102ac..b7c57dd2 100644
- --- a/telnetd/telnetd.c
- +++ b/telnetd/telnetd.c
- @@ -504,6 +504,14 @@ telnetd_setup (int fd)
-
- io_setup ();
-
- + /* Before doing anything related to the identity of the client,
- + * scrub the environment variable USER, since it may be set with
- + * an irrelevant user name at this point. OpenBSD has been known
- + * to offend at this point with their own inetd. Any demand for
- + * autologin will get attention in getterminaltype().
- + */
- + unsetenv ("USER");
- +
- /* get terminal type. */
- uname[0] = 0;
- level = getterminaltype (uname, sizeof (uname));
- --
- 2.26.0.292.g33ef6b2f38
|