non-privileged normal user passing environment variables to /bin/login [closed]
Posted
by
AAAAAAAA
on Super User
See other posts from Super User
or by AAAAAAAA
Published on 2012-09-24T05:09:25Z
Indexed on
2012/09/24
9:40 UTC
Read the original article
Hit count: 315
Suppose that in FreeBSD (or linux maybe) there is a non-privileged normal user (non-superuser). And there is a telnet standalone (I know that telnet is usually run under inetd) running under (owned by) this user. (Suppose that there was no original, root-owned telnet running.) This telnet server is programmed so that it does not check ld_* environment variables before passing it to /bin/login owned by root that has setuid set up.
The question would be: 1. Will this telnet work? 2. If it does work, will it even be able to pass environment variables to /bin/login?
© Super User or respective owner