[4600] in linux-net channel archive
Re: A SERIOUS security problem!!!!
daemon@ATHENA.MIT.EDU (David Holland)
Mon Sep 30 18:37:47 1996
From: David Holland <dholland@eecs.harvard.edu>
To: brian@lantz.com (Brian A. Lantz)
Date: Mon, 30 Sep 1996 13:29:40 -0400 (EDT)
Cc: linux-net@vger.rutgers.edu, torvalds@cs.helsinki.fi
In-Reply-To: <Pine.LNX.3.91.960929141949.27279B-100000@lantz.com> from "Brian A. Lantz" at Sep 29, 96 04:01:20 pm
> [set LD_LIBRARY_PATH via telnetd]
This isn't the only problem with telnetd. If you aren't running the
telnetd from NetKit-B-0.08 (which blocks almost all environment
variables) you are asking for trouble.
(Be advised, btw, that if you install that NetKit, you may not want to
install its version of telnet. There have been some [non-security]
bugs reported; I'm intending to get a fixed version out as soon as I
can but I've been extremely busy.)
--
- David A. Holland | Average number of times an American
dholland@eecs.harvard.edu | opens the refrigerator each day: 22
