[456] in linux-security and linux-alert archive

(fwd) Telnetd Security Hole

daemon@ATHENA.MIT.EDU (Thomas Quinot)
Mon Nov 6 15:36:29 1995

Date: Mon, 6 Nov 95 18:03 MET
From: thomas@cuivre.fdn.fr (Thomas Quinot)
To: linux-security@tarsier.cv.nrao.edu

From: Cy Schubert - BCSC Open Systems Group <cschuber@uumail.gov.bc.ca>
Message-ID: <199511030521.VAA25158@passer.osg.gov.bc.ca>
X-Authentication-Warning: passer.osg.gov.bc.ca: Host localhost [127.0.0.1] didn't use HELO protocol
X-Mailer: DXmail
X-Old-To: linux-security@tarsier.cv.nrao.edu
cc: cy@passer.osg.gov.bc.ca
Subject: Telnetd Security Hole
Date: Thu, 02 Nov 95 21:21:35 -0800
X-Mts: smtp
Precedence: list
Sender: Mail-to-News@cuivre.fdn.fr
Approved: Mail-to-News@cuivre.fdn.fr
Newsgroups: linux.security
Path: melchior.cuivre.fdn.fr!Mail-to-News
Lines: 79

In response to the CERT advisory regarding the telnetd security hole that
causes /bin/login to relinquish a root shell, I have put together a
patch for telnetd in the NetKit-B-0.5 package, based on a FreeBSD patch
posted by Mark Hittinger (bugs@news.win.net) to the comp.security.unix
newsgroup.

Note that the changes to telnetd.h compensate for kernel changes made after
NetKit-B-0.5 came out.

It's been tested for an evening, so no guarantees are made.

*** sys_term.org	Sun Sep 10 04:39:50 1995
--- sys_term.c	Wed Nov  1 10:43:32 1995
***************
*** 1292,1295 ****
--- 1292,1297 ----
	char **addarg();
  
+ 	scrub_env();
+ 
  	/*
  	 * -h : pass on name of host.
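Review bot: the scrub_env() call added here has no declaration in scope in the visible lines, since the definition comes later in the file and neither this hunk nor the telnetd.h change adds a prototype, so the compiler falls back to an implicit int declaration. Add a declaration next to the existing `char **addarg();` line, for example `void scrub_env();`, and a one-line comment at the call site saying that the environment is scrubbed before the login arguments are built, since that ordering is the point of the change.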
***************
*** 1392,1395 ****
--- 1395,1424 ----
  }
  #endif	/* NEWINIT */
+ 
+ /*
+  * scrub_env()
+  *
+  * Remove a few things from the environment that
+  * don't need to be there.
+  */
+ scrub_env()
+ {
+ 	register char **cpp, **cpp2;
+ 
+ 	for (cpp2 = cpp = environ; *cpp; cpp++) {
+ #ifdef __FreeBSD__
+ 		if (strncmp(*cpp, "LD_LIBRARY_PATH=", 16) &&
+ 		    strncmp(*cpp, "LD_NOSTD_PATH=", 14) &&
+ 		    strncmp(*cpp, "LD_PRELOAD=", 11) &&
+ #else
+ 		if (strncmp(*cpp, "LD_", 3) &&
+ 		    strncmp(*cpp, "_RLD_", 5) &&
+ 		    strncmp(*cpp, "LIBPATH=", 8) &&
+ #endif
+ 		    strncmp(*cpp, "IFS=", 4))
+ 			*cpp2++ = *cpp;
+ 	}
+ 	*cpp2 = 0;
+ }
  
  /*
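Review bot: the test in scrub_env() is a denylist, so every variable that does not match one of the listed prefixes is copied through at `*cpp2++ = *cpp;`. Consider inverting it to keep only the variables the login program is known to need and drop everything else. Short of that, the `__FreeBSD__` branch matches three exact names where the `#else` branch matches the whole `LD_` prefix, so the prefix test would be the safer choice in both branches. The function is also defined with no return type and returns nothing; declare it `void`.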
*** telnetd.h.orig	Thu Nov  2 20:14:33 1995
--- telnetd.h	Thu Nov  2 19:52:14 1995
***************
*** 47,49 ****
--- 47,54 ----
  /* other external variables */
  extern	char **environ;
  extern	int errno;
+ 
+ #define TELOPT_ENVIRON	TELOPT_OLD_ENVIRON
+ #define ENV_VAR		OLD_ENV_VAR
+ #define ENV_VAR		OLD_ENV_VAR
+ #define ENV_VALUE	OLD_ENV_VALUE
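Review bot: `#define ENV_VAR OLD_ENV_VAR` appears twice in the added block; drop the second copy, or if a different macro was meant on that line, name it. The mappings are also unconditional, so they redefine TELOPT_ENVIRON, ENV_VAR and ENV_VALUE on any system whose headers already provide them. Wrap the block in `#ifndef TELOPT_ENVIRON` ... `#endif` and add a comment saying which header change it compensates for.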



Regards,                       Phone:  (604)389-3827
Cy Schubert                    OV/VM:  BCSC02(CSCHUBER)
Open Systems Support          BITNET:  CSCHUBER@BCSC02.BITNET
BC Systems Corp.            Internet:  cschuber@uumail.gov.bc.ca
                                       cschuber@bcsc02.gov.bc.ca

		"Quit spooling around, JES do it."


-- 
Grand.Bwana@cuivre.fdn.fr      |      Linux : the choice of a GNU generation