non-privileged normal user passing environment variables to /bin/login

0

Suppose that in FreeBSD (or linux maybe) there is a non-privileged normal user (non-superuser). And there is a telnet standalone (I know that telnet is usually run under inetd) running under (owned by) this user. (Suppose that there was no original, root-owned telnet running.) This telnet server is programmed so that it does not check ld_* environment variables before passing it to /bin/login owned by root that has setuid set up.

The question would be: 1. Will this telnet work? 2. If it does work, will it even be able to pass environment variables to /bin/login?

AAAAAAAA

Posted 2012-09-24T05:09:25.833

Reputation: 1

Question was closed 2012-09-24T08:14:59.330

Answers

0

Suppose that in FreeBSD (or linux maybe) there is a non-privileged superuser.

"Non-privileged superuser" is a contradiction in terms; the word "superuser" itself means a user having all privileges.

This telnet server is programmed so that it does not check ld_* environment variables

I'm not sure if this is relevant. The telnet server doesn't have any special privileges, so stripping LD_* variables is not very useful...

  1. Will this telnet work? 2. If it does work, will it even be able to pass environment variables to /bin/login?

It will partially work, but it will likely be unable to bind to the standard Telnet port due to missing CAP_NET_BIND_SERVICE privilege.

Yes, it will be able to pass environment variables to login, just like any other process can. However, at least on Linux, the loader (ld-linux.so) discards all LD_* variables before running a setuid program, so a setuid-login would be unaffected by them.

user1686

Posted 2012-09-24T05:09:25.833

Reputation: 283 655

Asked: 2012-09-24T05:09:25.833

Viewed: 149 times

Active: 2012-09-24T08:20:26.600