Bugtraq mailing list archives

Re: Telnet attack on SGI


From: jmason () iona ie (Justin Mason)
Date: Thu, 2 Nov 1995 12:27:04 +0000


Douglas Siebert says:

> There are two ways I know of to protect against this attack until SGI has a
> patch ready.  One would be to write a wrapper that removes "dangerous"
> environment variables.  Obviously, figuring out which ones are dangerous is
> the trick!  Certainly anything that starts LD_ or _RLD should be removed.  But
> there may always be others you don't know about.

There are a profusion of various *LD* environment variables to watch
out for on each different platform, along with other similar dodgy
vars; every time a vendor comes out with a major release, a new
LD_whatever var seems to be created. :( I think a little firewall
philosophy should be used here, namely deny unless explicitly
permitted.

Anyway, most env vars are not portable across a network, unless you've
got a pretty homogenous lan; for example, in my environment I've got
XMBINDDIR, XUSERFILESEARCHPATH, ftp_proxy, http_proxy, XAPPLRESDIR,
XBMLANGPATH, PGPPATH, PATH and OSTYPE.  If all these env vars suddenly
got propagated to, for example, my login at my old university, most of
them would be useless, or even disruptive in their effects.

The env vars that spring to mind as being useful across a network are:
TZ, DISPLAY and TERM. Of course, to allow future enhancements, this
should be a configurable option for the telnetd.

Opinions?

--j.
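
The deny-unless-explicitly-permitted filter proposed above, as an added example that is not part of the original post or of any telnetd source. The function names env_allowed and env_filter are hypothetical, the allowlist is hard-coded where a real daemon would read it from configuration, and the sample environment is constructed.

```c
#include <stddef.h>
#include <string.h>

/* Default allowlist from the post: TZ, DISPLAY and TERM. A real telnetd
 * would load this from its configuration (assumption; not shown here). */
static const char *const default_allow[] = { "TZ", "DISPLAY", "TERM", NULL };

/* Return 1 only if entry is "NAME=value" and NAME exactly equals an
 * allowlisted name. Exact match matters: "TERMCAP" must not pass as "TERM". */
static int env_allowed(const char *entry, const char *const *allow)
{
    const char *eq = strchr(entry, '=');
    size_t i, len;

    if (eq == NULL || eq == entry)
        return 0;               /* malformed: no '=' or empty name */
    len = (size_t)(eq - entry);
    for (i = 0; allow[i] != NULL; i++)
        if (strlen(allow[i]) == len && strncmp(entry, allow[i], len) == 0)
            return 1;
    return 0;
}

/* Compact envp in place so only allowlisted entries remain, keeping the
 * NULL terminator. Returns the number of entries kept. */
size_t env_filter(char **envp, const char *const *allow)
{
    size_t in, out = 0;

    for (in = 0; envp[in] != NULL; in++)
        if (env_allowed(envp[in], allow))
            envp[out++] = envp[in];
    envp[out] = NULL;
    return out;
}

/* Constructed sample of client-supplied variables. Only TERM and DISPLAY
 * survive, so this returns 2. */
size_t demo(void)
{
    static char e0[] = "LD_LIBRARY_PATH=/tmp", e1[] = "TERM=vt100";
    static char e2[] = "_RLD_LIST=/tmp/x.so", e3[] = "TERMCAP=x";
    static char e4[] = "DISPLAY=host:0", e5[] = "=nameless";
    char *env[] = { e0, e1, e2, e3, e4, e5, NULL };

    return env_filter(env, default_allow);
}
```

Because the filter never enumerates dangerous names, a newly introduced LD_whatever variable is dropped without any change to the code.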


