[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Bash prompt
- To: Yotam Rubin <yotam(at-nospam)makif.omer.k12.il>
- Subject: Re: Bash prompt
- From: Ariel Biener <ariel(at-nospam)fireball.tau.ac.il>
- Date: Mon, 12 Mar 2001 03:48:56 +0200 (IST)
- cc: ILUG <linux-il(at-nospam)linux.org.il>
- Delivered-To: linux.org.il-linux-il@linux.org.il
- In-Reply-To: <20010312013731.A1974@insomia17>
- Sender: linux-il-bounce(at-nospam)cs.huji.ac.il
On Mon, 12 Mar 2001, Yotam Rubin wrote:
That is not my understanding of the protocol. Not too long ago, it was
possible to pass via the telnet client a variable that would point towards
a certain shared library (hacked), and the telnetd actually used it, and
enabled to gain remote elevated privileges.
As far as I know (and Yaron, in this case, with his .. I don't know, 12-14
years on Unix), telnet does pass some environment variables to telnetd,
of which some are inherited by the login shell. (of course today it's all
more paranoidically checked).
--Ariel
> Hello Yaron,
>
> Telnet does no such thing, it merely execs some arbitrary program, which in
> our case is login. True, telnetd passes on to login the value of the remote
> host name but it does not set the environment variable independently.
>
> Regards, Yotam Rubin
>
>
> On Sun, Mar 11, 2001 at 09:04:21PM +0200, Yaron Zabary wrote:
> > On Sun, 11 Mar 2001, Boaz Rymland wrote:
> >
> > > Besides, AFAIK, enviroment variables are all shell dependant as they
> > > are created by the shell. Some might be completely standard, like
> > > TERM, but they are all to the mercy of the shell. (Ofcourse, I would
> > > love to be corrected or better rephrased :-) .
> >
> > Actually, telnetd whould probably set the env variable and would exec
> > login, which would inherit it.Then, once login execs the shell (actually
> > passwd's 7th value), it will inherit whatever they (telnetd and login)
> > will set in their env.
> >
> > > Boaz.
> >
> >
> > -- Yaron.
> >
> >
> > =================================================================
> > To unsubscribe, send mail to linux-il-request@linux.org.il with
> > the word "unsubscribe" in the message body, e.g., run the command
> > echo unsubscribe | mail linux-il-request@linux.org.il
> >
>
> =================================================================
> To unsubscribe, send mail to linux-il-request@linux.org.il with
> the word "unsubscribe" in the message body, e.g., run the command
> echo unsubscribe | mail linux-il-request@linux.org.il
>
--
Ariel Biener
e-mail: ariel@post.tau.ac.il
PGP(6.5.8) public key http://www.tau.ac.il/~ariel/pgp.html
=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il