+Thu Oct 23 13:59:32 1997 Theodore Y. Ts'o <tytso@mit.edu>
+
+ * state.c (envvarok): Prohibit the passing of TERMCAP, TERMPATH,
+ TERMINFO, and HOME, since they can be used to exploit a
+ security in tgetent.
+
Wed Apr 9 23:46:40 1997 Tom Yu <tlyu@mit.edu>
* sys_term.c (start_login): Bounds check the constructed "speed"
char *varp;
{
if (!strchr(varp, '=') &&
+ strcmp(varp, "TERMCAP") && /* to prevent a security hole */
+ strcmp(varp, "TERMINFO") && /* with tgetent */
+ strcmp(varp, "TERMPATH") &&
+ strcmp(varp, "HOME") && /* to prevent the tegetent bug */
strncmp(varp, "LD_", strlen("LD_")) && /* most systems */
strncmp(varp, "_RLD_", strlen("_RLD_")) && /* irix */
strncmp(varp, "KRB5", strlen("KRB5")) && /* v5 */
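Review bot: `envvarok` is still a denylist after the four added `strcmp` terms, so any client-supplied variable name the condition does not list is still accepted. The visible list has already grown once for the `LD_`, `_RLD_` and `KRB5` prefixes and now again for tgetent; an allowlist of the names telnetd actually needs to pass through would fail closed when the next such library issue turns up. Independently of that, the new comments only say "security hole" and the one on the `HOME` line misspells the function as `tegetent`; something like `/* tgetent takes termcap/terminfo data or paths from these */` on the TERM* lines and `/* tgetent also consults files under HOME */` on the last would tell a maintainer why the names must stay (the HOME rationale is inferred from the ChangeLog entry and should be confirmed). The condition continues past the last line of the hunk, so the rest of the list is not visible here.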