Re: Some telnet clients leak environment variables

[Stuart Henderson <stu () spacehopper org>]

On 2026/03/13 06:37, Justin Swartz wrote:
>   OpenBSD 7.8 [PARTIAL LEAKAGE]
>   
>   The client blocks most variables which have not been explicitly
>   exported, but potentially sensitive variables such as DISPLAY,
>   XAUTHORITY and PRINTER are leaked without prior export.

ha, we've had that for a long time.

---------------------
Date: 2005/02/27 15:46:42
Author: otto
Branch: HEAD
Tag: OPENBSD_3_7_BASE
Log:
- only send exported vars (based on a diff from Solar Designer)
- fix some buffer overflows (also some Solar Designer input)

ok deraadt@ cloder@

Members:
        authenc.c:1.6->1.7
        commands.c:1.47->1.48
        externs.h:1.13->1.14
        telnet.c:1.18->1.19
---------------------