Date: Wed, 1 Nov 1995 21:06:24 -0500 (EST) From: John Capo <jc@irbs.com> To: rnw+@andrew.cmu.edu (Robert N Watson) Cc: freebsd-questions@freefall.freebsd.org Subject: Re: CERT advisory, telnetd bug -- any progress? Message-ID: <199511020206.VAA25935@irbs.irbs.com> In-Reply-To: <gka17Aq00YUxARy0d8@andrew.cmu.edu> from "Robert N Watson" at Nov 1, 95 07:33:16 pm
next in thread | previous in thread | raw e-mail | index | archive | help
Robert N Watson writes:
>
> I know there was some discussion going on on freebsd-security (or
> somewhere) concerning the telnetd patch -- has a formal patch bee
> released yet, or are 2.0.5R users dead in the water for a bit? (well,
> rather, sitting ducks in the water.) Could a binary update to telnetd
> be put up somewhere for us to grab?
>
Here are patches, one for -stable and one for 1.1.5.1. I don't
know if either will apply to 2.0.5 but you can see how it is
implemented. Basically a function is added called scrub_env() and
it is called at the beginning of start_login().
In lieu of patching telnetd, you can use the setgid scheme in the
bulletin.
John Capo jc@irbs.com
IRBS Engineering High performance FreeBSD systems
(305) 792-9551 Internet Consulting - ISP Solutions
--- Patch for -stable (aka 2.1) ---
*** libexec/telnetd/sys_term.c Sun Sep 10 04:39:50 1995
--- /usr/current/libexec/telnetd/sys_term.c Tue Oct 24 05:35:22 1995
***************
*** 1555,1560 ****
--- 1555,1562 ----
fatal(net, "makeutx failed");
#endif
+ scrub_env();
+
/*
* -h : pass on name of host.
* WARNING: -h is accepted by login if and only if
***************
*** 1766,1771 ****
--- 1768,1798 ----
return(argv);
}
#endif /* NEWINIT */
+
+ /*
+ * scrub_env()
+ *
+ * Remove a few things from the environment that
+ * don't need to be there.
+ */
+ scrub_env()
+ {
+ register char **cpp, **cpp2;
+
+ for (cpp2 = cpp = environ; *cpp; cpp++) {
+ #ifdef __FreeBSD__
+ if (strncmp(*cpp, "LD_LIBRARY_PATH=", 16) &&
+ strncmp(*cpp, "LD_PRELOAD=", 11) &&
+ #else
+ if (strncmp(*cpp, "LD_", 3) &&
+ strncmp(*cpp, "_RLD_", 5) &&
+ strncmp(*cpp, "LIBPATH=", 8) &&
+ #endif
+ strncmp(*cpp, "IFS=", 4))
+ *cpp2++ = *cpp;
+ }
+ *cpp2 = 0;
+ }
/*
* cleanup()
---- End of patch ---
---- Patch for 1.1.5.1 ----
*** libexec/telnetd/sys_term.c.orig Sun May 22 15:24:51 1994
--- libexec/telnetd/sys_term.c Wed Nov 1 14:46:45 1995
***************
*** 1275,1280 ****
--- 1275,1282 ----
register char **argv;
char **addarg(), *user;
+ scrub_env();
+
/*
* -h : pass on name of host.
* WARNING: -h is accepted by login if and only if
***************
*** 1371,1376 ****
--- 1373,1397 ----
return(argv);
}
#endif /* NEWINIT */
+
+ /*
+ * scrub_env()
+ *
+ * Remove a few things from the environment that
+ * don't need to be there.
+ */
+ scrub_env()
+ {
+ register char **cpp, **cpp2;
+
+ for (cpp2 = cpp = environ; *cpp; cpp++) {
+ if (strncmp(*cpp, "LD_LIBRARY_PATH=", 16) &&
+ strncmp(*cpp, "LD_PRELOAD=", 11) &&
+ strncmp(*cpp, "IFS=", 4))
+ *cpp2++ = *cpp;
+ }
+ *cpp2 = 0;
+ }
/*
* cleanup()
--- End of Patch ---
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199511020206.VAA25935>