f2e6a017d5
The "automatic" login feature is described as follows: The USER environment variable holds the name of the person telnetting in. This is the username of the person on the client machine. The traditional behaviour is to execute login(1) with this username first, meaning that login(1) will prompt for the password only. If login fails, login(1) will retry, but now prompt for the username before prompting for the password. This feature got broken by how the environment got scrubbed. Before the change in r69825 we removed variables that we deemed dangerous. Starting with r69825 we only keep those variable we know to be safe. The USER environment variable fell through the cracks. It suddenly got scrubbed (i.e. removed from the environment) while still being checked for. It also got explicitly removed from the environment to handle the failed login case. The fix is to obtain the value of the USER environment variable before we scrub the environment and used the "cached" in subsequent checks. This guarantees that the environment does not contain the USER variable in the end, while still being able to implement "automatic" login. Obtained from: Juniper Networks, Inc. |
||
---|---|---|
.. | ||
arpa | ||
libtelnet | ||
telnet | ||
telnetd |