From owner-freebsd-audit Fri Oct 20 8:28:45 2000 Delivered-To: freebsd-audit@freebsd.org Received: from mailout06.sul.t-online.com (mailout06.sul.t-online.com [194.25.134.19]) by hub.freebsd.org (Postfix) with ESMTP id 9EF1B37B4E5 for ; Fri, 20 Oct 2000 08:28:41 -0700 (PDT) Received: from fmrl02.sul.t-online.de by mailout06.sul.t-online.com with smtp id 13me4r-0005ln-00; Fri, 20 Oct 2000 17:27:25 +0200 Received: from neutron.cichlids.com (520050424122-0001@[62.156.17.79]) by fmrl02.sul.t-online.com with esmtp id 13me4l-1sVVkOC; Fri, 20 Oct 2000 17:27:19 +0200 Received: from cichlids.cichlids.com (cichlids.cichlids.com [192.168.0.10]) by neutron.cichlids.com (Postfix) with ESMTP id 3EED1AB91; Fri, 20 Oct 2000 17:29:34 +0200 (CEST) Received: by cichlids.cichlids.com (Postfix, from userid 1001) id 2A8D614B32; Fri, 20 Oct 2000 17:27:22 +0200 (CEST) Date: Fri, 20 Oct 2000 17:27:21 +0200 To: Kris Kennaway Cc: audit@FreeBSD.ORG Subject: Re: telnetd patch Message-ID: <20001020172721.A43072@cichlids.cichlids.com> References: <20001015165612.A17989@citusc17.usc.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20001015165612.A17989@citusc17.usc.edu>; from kris@citusc.usc.edu on Sun, Oct 15, 2000 at 04:56:12PM -0700 X-PGP-Fingerprint: 44 28 CA 4C 46 5B D3 A8 A8 E3 BA F3 4E 60 7D 7F X-PGP-at: finger alex@big.endian.de X-Verwirrung: Dieser Header dient der allgemeinen Verwirrung. From: alex@big.endian.de (Alexander Langer) X-Sender: 520050424122-0001@t-dialin.net Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Thus spake Kris Kennaway (kris@citusc.usc.edu): > I think I caught all of the environment variables which the telnet > binary listens to..LOCALDOMAIN and RES_OPTIONS are potential problems, > but I don't really know what the impact of those are. LOCALDOMAIN > seems to allow you to override what the default domain the resolver > uses is, which may or may not be an issue for telnetd. Could someone > check? If there is a way to exploit the ENV of the superuser, then it is, since LOCALDOMAIN affects such things as you mentioned in the answer to Will's mail. However, I'm not sure if setting these to "" is the correct way, since it just breaks the behaviour. Users expect the DNS library to pay attention to LOCALDOMAIN and RES_OPTIONS. Alex To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message