[438] in linux-security and linux-alert archive
Telnetd Security Hole
daemon@ATHENA.MIT.EDU (Cy Schubert - BCSC Open Systems Gr)
Sun Nov 5 16:21:32 1995
From: Cy Schubert - BCSC Open Systems Group <cschuber@uumail.gov.bc.ca>
Reply-to: cschuber@orca.gov.bc.ca
To: linux-security@tarsier.cv.nrao.edu
cc: cy@passer.osg.gov.bc.ca
Date: Thu, 02 Nov 95 21:21:35 -0800
In response to the CERT advisory regarding the telnetd security hole that
causes /bin/login to relinquish a root shell, I have put together a
patch for telnetd in the NetKit-B-0.5 package, based on a FreeBSD patch
posted by Mark Hittinger (bugs@news.win.net) to the comp.security.unix
newsgroup.
Note that the changes to telnetd.h compensate for kernel changes made after
NetKit-B-0.5 came out.
It's been tested for an evening, so no guarantees are made.
*** sys_term.org Sun Sep 10 04:39:50 1995
--- sys_term.c Wed Nov 1 10:43:32 1995
***************
*** 1292,1295 ****
--- 1292,1297 ----
char **addarg();
+ scrub_env();
+
/*
* -h : pass on name of host.
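Review bot: the declaration `scrub_env();` added at line 1294 is never followed by a call in any hunk of this patch, so as posted the function is declared and defined but nothing runs it. Add the call on the path that starts login, before the exec, and include that hunk in the patch. The declaration also has no return type; since the definition returns nothing, declare it as `void scrub_env();`.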
***************
*** 1392,1395 ****
--- 1395,1424 ----
}
#endif /* NEWINIT */
+
+ /*
+ * scrub_env()
+ *
+ * Remove a few things from the environment that
+ * don't need to be there.
+ */
+ scrub_env()
+ {
+ register char **cpp, **cpp2;
+
+ for (cpp2 = cpp = environ; *cpp; cpp++) {
+ #ifdef __FreeBSD__
+ if (strncmp(*cpp, "LD_LIBRARY_PATH=", 16) &&
+ strncmp(*cpp, "LD_NOSTD_PATH=", 14) &&
+ strncmp(*cpp, "LD_PRELOAD=", 11) &&
+ #else
+ if (strncmp(*cpp, "LD_", 3) &&
+ strncmp(*cpp, "_RLD_", 5) &&
+ strncmp(*cpp, "LIBPATH=", 8) &&
+ #endif
+ strncmp(*cpp, "IFS=", 4))
+ *cpp2++ = *cpp;
+ }
+ *cpp2 = 0;
+ }
/*
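Review bot: the two preprocessor branches of the filter in scrub_env() are not equivalent. The `__FreeBSD__` branch drops only the exact names LD_LIBRARY_PATH, LD_NOSTD_PATH and LD_PRELOAD, while the `#else` branch drops everything beginning with `LD_` or `_RLD_` plus LIBPATH. Any other LD_-prefixed variable passes through on FreeBSD, so unless one of them has to be kept, use the prefix test `strncmp(*cpp, "LD_", 3)` in both branches. The definition has no return type and no return statement; make it `void`. The header comment ("a few things ... that don't need to be there") should name the variables removed and say why, since this is the security-relevant part of the change.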
*** telnetd.h.orig Thu Nov 2 20:14:33 1995
--- telnetd.h Thu Nov 2 19:52:14 1995
***************
*** 47,49 ****
--- 47,54 ----
/* other external variables */
extern char **environ;
extern int errno;
+
+ #define TELOPT_ENVIRON TELOPT_OLD_ENVIRON
+ #define ENV_VAR OLD_ENV_VAR
+ #define ENV_VAR OLD_ENV_VAR
+ #define ENV_VALUE OLD_ENV_VALUE
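Review bot: `#define ENV_VAR OLD_ENV_VAR` appears twice in the added lines of telnetd.h. The second copy is either redundant or a slip for a different macro, so drop it or correct it. The four defines are also unconditional: if the system headers already define TELOPT_ENVIRON, ENV_VAR or ENV_VALUE with other values, this silently remaps them (with a redefinition warning at best), so guard each with `#ifndef` or an explicit `#undef`, and add a comment stating which header change they compensate for.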
Regards, Phone: (604)389-3827
Cy Schubert OV/VM: BCSC02(CSCHUBER)
Open Systems Support BITNET: CSCHUBER@BCSC02.BITNET
BC Systems Corp. Internet: cschuber@uumail.gov.bc.ca
cschuber@bcsc02.gov.bc.ca
"Quit spooling around, JES do it."