[6142] in Kerberos
Why TELNET sends arbitrary environment variables at all?
daemon@ATHENA.MIT.EDU (Peter da Silva)
Mon Nov 6 22:35:20 1995
To: kerberos@MIT.EDU
Date: 6 Nov 1995 23:59:52 GMT
From: peter@nmti.com (Peter da Silva)
My question is, why did they set up Telnet so it passed arbitrary environment
variables at all? About the only ones I can think of worth passing are "TERM"
and "DISPLAY".

Rather than wait for the next security patch, set up a login wrapper that
only keeps TERM and DISPLAY and ignores the rest...
--
Peter da Silva (NIC: PJD2) `-_-' 1601 Industrial Boulevard
Bailey Network Management 'U` Sugar Land, TX 77487-5013
+1 713 274 5180 "Har du kramat din varg idag?" USA
Bailey pays for my technical expertise. My opinions probably scare them
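
The login wrapper suggested in the message above, sketched as an added example (not part of the original post or of any telnetd distribution): it reduces the inherited environment to TERM and DISPLAY by exact name match, then executes the real login program. Assumptions: the login path /bin/login, the 256-byte value cap, and keeping only the first occurrence of a duplicated name are choices made here, not details from the post.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

extern char **environ;

/* Names the post proposes keeping; everything else is dropped. */
static const char *const ALLOWED[] = { "TERM", "DISPLAY" };
#define N_ALLOWED (sizeof ALLOWED / sizeof ALLOWED[0])
#define MAX_VALUE_LEN 256 /* assumption: cap on value length, not from the post */

/* Index into ALLOWED if entry is exactly "NAME=value" for an allowed NAME
 * (so TERMCAP or a bare "DISPLAY" does not match), otherwise -1. */
static int allowed_index(const char *entry)
{
    const char *eq = strchr(entry, '=');
    if (eq == NULL || strlen(eq + 1) > MAX_VALUE_LEN)
        return -1;
    size_t name_len = (size_t)(eq - entry);
    for (size_t i = 0; i < N_ALLOWED; i++)
        if (strlen(ALLOWED[i]) == name_len &&
            strncmp(entry, ALLOWED[i], name_len) == 0)
            return (int)i;
    return -1;
}

/* Compact envp in place to the allowlisted entries, keeping only the first
 * occurrence of each name. Returns the number of entries kept. */
size_t filter_env(char **envp)
{
    int seen[N_ALLOWED] = { 0 };
    size_t kept = 0;
    for (size_t i = 0; envp[i] != NULL; i++) {
        int idx = allowed_index(envp[i]);
        if (idx >= 0 && !seen[idx]) {
            seen[idx] = 1;
            envp[kept++] = envp[i];
        }
    }
    envp[kept] = NULL;
    return kept;
}

int main(int argc, char **argv)
{
    (void)argc;
    filter_env(environ);
    execv("/bin/login", argv); /* assumption: location of the real login */
    perror("execv /bin/login");
    return 127;
}
```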