[6151] in Kerberos


Re: Why TELNET sends arbitrary environment variables at all?

daemon@ATHENA.MIT.EDU (Richard Basch)
Tue Nov 7 16:21:22 1995

Date: Tue, 7 Nov 1995 16:02:27 -0500
To: djb@silverton.berkeley.edu (D. J. Bernstein)
Cc: kerberos@MIT.EDU
In-Reply-To: <1995Nov718.08.27.8550@silverton.berkeley.edu>
From: "Richard Basch" <basch@lehman.com>

How about within an enterprise?  You might want to pass PRINTER, LPDEST
and other environment variables relating to your local configuration.
For instance, if I am working in one corporate office, I might set
certain variables to utilize local resources (printers, servers, etc.),
but I might remotely log into some of the machines in another country.
As long as they know about these resources (and within some enterprises,
this is indeed the case), I can simplify my login procedure to
automatically set these variables accordingly.  Likewise, I would prefer
not having to hardcode various environment variables into my startup
scripts, because I might be travelling to another office within our
enterprise network...

The point is you CAN'T predict what environment variables a user may
wish to pass, but you can protect the sensitive environment variables
that can affect the operations of the login procedure.  After that, the
only things that can be compromised are utilities that the user could
already run, and they could already do that within their own command
shell.

On , 7-November-1995, "D. J. Bernstein" wrote to "kerberos@MIT.EDU" saying:

> Casper H.S. Dik - Network Security Engineer <Casper.Dik@Holland.Sun.COM> wrote:
> > peter@nmti.com (Peter da Silva) writes:
>     [ why should telnet bother passing anything except TERM and DISPLAY? ]
> > But what about:
>   [ TZ, TERMCAP, LC*, LESSCHARSET, WINDOWID, PRINTER, LPDEST, EXINIT, LANG ]
> 
> Be serious. How often do you change EXINIT? Why should this be passed?
> 
> TZ does vary, but do you really want an ls -l in your home directory to
> shift all the times by an hour when you connect from the next time zone?
> Why should this be passed?
> 
> As for TERM and TERMCAP, it's absurd that every screen-aware program
> should have to waste the time and effort to support thousands of
> possible terminal codes. The right solution is obvious.
> 
> ---Dan
-- 
Richard Basch                   URL: http://web.mit.edu/probe/www/home.html
Lehman Brothers, Inc.           Email: basch@lehman.com
101 Hudson St., 33rd Floor      Fax:   +1-201-524-5828
Jersey City, NJ  07302-3988     Voice: +1-201-524-5049
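
[Added example, not part of the original message and not code from any telnetd: a sketch of the filtering the reply argues for, where the server passes arbitrary client variables such as PRINTER and LPDEST but drops those that can affect the login procedure. The denylist contents and the names env_entry_allowed, scrub_env and demo_kept are assumptions chosen for illustration.]

```c
#include <stddef.h>
#include <string.h>

/* Assumed denylist (not from the message): names that steer the dynamic
 * linker or the shell that runs during login. */
static const char *const deny_prefix[] = { "LD_", "_RLD_", NULL };
static const char *const deny_exact[]  = { "IFS", "LIBPATH", "ENV", NULL };

/* Return 1 if a client-supplied "NAME=value" entry may reach login, else 0. */
int env_entry_allowed(const char *entry)
{
    const char *eq = entry ? strchr(entry, '=') : NULL;
    size_t namelen, i;

    if (eq == NULL || eq == entry)   /* malformed: no '=' or empty name */
        return 0;
    namelen = (size_t)(eq - entry);

    for (i = 0; deny_prefix[i] != NULL; i++) {
        size_t n = strlen(deny_prefix[i]);
        if (namelen >= n && strncmp(entry, deny_prefix[i], n) == 0)
            return 0;
    }
    for (i = 0; deny_exact[i] != NULL; i++) {
        if (strlen(deny_exact[i]) == namelen &&
            strncmp(entry, deny_exact[i], namelen) == 0)
            return 0;
    }
    return 1;
}

/* Compact a NULL-terminated vector in place; return how many entries stay. */
size_t scrub_env(const char **envp)
{
    const char **src, **dst;

    for (src = dst = envp; *src != NULL; src++)
        if (env_entry_allowed(*src))
            *dst++ = *src;
    *dst = NULL;
    return (size_t)(dst - envp);
}

/* Constructed sample of what a client might send; three entries survive. */
size_t demo_kept(void)
{
    const char *sample[] = { "TERM=vt100", "LD_LIBRARY_PATH=/tmp", "PRINTER=lp3",
                             "IFS=/", "LPDEST=office2", "_RLD_LIST=x", "BROKEN", NULL };
    return scrub_env(sample);
}
```

[A denylist like this only covers names known in advance, so any variable that a given system's loader or login program honours has to be added for that system.]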

