Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Telnet attack on SGI

From: adam () bwh harvard edu (Adam Shostack)
Date: Thu, 2 Nov 1995 13:59:59 -0500

Doug Siebert wrote:

| There are two ways I know of to protect against this attack until SGI has a
| patch ready.  One would be to write a wrapper that removes "dangerous"
| environment variables.  Obviously, figuring out which ones are dangerous is
| the trick!  Certainly anything that starts LD_ or _RLD should be
| removed.  But
| there may always be others you don't know about.  You'd take your wrapper and

        A wrapper should only pass 'trusted' and needed environment
variables.  TZ, LANG, TERMCAP and the like.  Its much easier to figure
out what you need than what you shouldn't trust.

        Logdaemon is supposedly not affected by this; I suspect that
that's because it already empties its environment.  Good defensive
code that.

Adam

--
"It is seldom that liberty of any kind is lost all at once."
                                                       -Hume
Previous By Date Next
Previous By Thread Next

Current thread: