Don't allow LD_* env. variables to be tricked

Submitted by: Sam Hartman <hartmans@mit.edu>

1 files changed, 25 insertions, 3 deletions

diff --git a/secure/libexec/telnetd/sys_term.c b/secure/libexec/telnetd/sys_term.c
index 7d17dfb..1f97554 100644
--- a/secure/libexec/telnetd/sys_term.c
+++ b/secure/libexec/telnetd/sys_term.c
@@ -32,7 +32,7 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)sys_term.c	8.4 (Berkeley) 5/30/95";
+static char sccsid[] = "@(#)sys_term.c	8.4+1 (Berkeley) 5/30/95";
 #endif /* not lint */
 
 #include "telnetd.h"
@@ -1581,10 +1581,12 @@ start_login(host, autologin, name)
 	utmpx.ut_id[3] = SC_WILDC;
 	utmpx.ut_type = LOGIN_PROCESS;
 	(void) time(&utmpx.ut_tv.tv_sec);
-	if (pututxline(&utmpx) == NULL)
-		fatal(net, "pututxline failed");
+	if (makeutx(&utmpx) == NULL)
+		fatal(net, "makeutx failed");
 #endif
 
+	scrub_env();
+
 	/*
 	 * -h : pass on name of host.
 	 *		WARNING:  -h is accepted by login if and only if
@@ -1821,6 +1823,26 @@ addarg(argv, val)
 #endif	/* NEWINIT */
 
 /*
+ * scrub_env()
+ *
+ * Remove a few things from the environment that
+ * don't need to be there.
+ */
+scrub_env()
+{
+	register char **cpp, **cpp2;
+
+	for (cpp2 = cpp = environ; *cpp; cpp++) {
+		if (!strncmp(*cpp, "LD_", 3) &&
+		    !strncmp(*cpp, "_RLD_", 5) &&
+		    !strncmp(*cpp, "LIBPATH=", 8) &&
+		    !strncmp(*cpp, "IFS=", 4))
+			*cpp2++ = *cpp;
+	}
+	*cpp2 = 0;
+}
+
+/*
  * cleanup()
  *
  * This is the routine to call when we are all through, to