David Engel wrote: > About the best I can do, without further guidance, is make libc not > echo the problem lines to stderr. Is that acceptable?
I'm not sure. Someone could still read special files as root (they would not see the contents, but merely reading them might sometimes cause troubles too, if reading changes the state of the device - as is the case with tapes, for example). My suggestion (not tested, but it is rather simple) - replace all occurrences of getenv() in the resolver with safe_getenv(), implemented like this: char * safe_getenv(const char *name) { if (geteuid() != getuid() || getegid() != getgid()) return NULL; return getenv(name); } This assumes that telnetd will only pass known safe environment variables to login, as suggested in another bug report against netstd (I just got a response that the next netstd will be OK). In the more paranoid version, safe_getenv() could simply always return NULL. Not all of the environment variables used by the resolver might be dangerous - but I think it is better to err on the safe side here... Marek