From: Terry Lambert
Message-Id: <199511062034.NAA15846@phaeton.artisoft.com>
Subject: Re: Fwd: CERT Advisory CA-95:14 - Telnetd Environment Vulnerability (fwd)
To: davidg@root.com
Date: Mon, 6 Nov 1995 13:34:56 -0700 (MST)
Cc: paul@trumpet.net.au, freebsd-questions@freebsd.org
In-Reply-To: <199511060859.AAA00611@corbin.Root.COM> from "David Greenman" at Nov 6, 95 00:59:44 am

> > FreeBSD vulnerable
>
> Unfortunately, the list wasn't updated for FreeBSD. The problem is fixed in
> both -current and the upcoming 2.1 release.

Is this in fact even a problem?

The /usr/bin/login program is an suid program, meaning that library
environment variables should be ignored.

There *is* a potential hole in the ldconfig, since the object (incorrectly)
does not "remember" the link-time fully qualified path, but that exists
even in the "fixed" -current.

Terry Lambert
terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.