Environment Variable Injection in Solaris

Here’s a trick to inject environment variables into a Unix login session.

1. become root
2. set the environment variables you would like to inject
3. kill the inetd daemon
4. restart the inetd daemon

What happens is that inetd inherits all of the environment variables that are set when it starts up. When it spawns other services like telnet, these environment variables are inherited by those services. In the case of telnet, it sets these for the user’s shell.

The user will wonder where these variables came from. They are not in the user’s .cshrc, .login or .profile files. They are not from any shell initialization files in the home directory or in /etc.

Of course, this only affects daemons started by inetd. If you’d like to set these for ssh users, make ssh start from inetd as well, unless of course sshd cleans up its environment before invoking login.

This works on Solaris 9. I have not tried it on any other Solaris versions, or any Linux for that matter.

This was discovered by accident when I could not figure out why I had some environment variables set upon login using telnet, when I could not find where they were being set.

This is probably a bug in inetd. Inetd should clean up the environment prior to exec’ing the requested service.
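
One way a super-server could do the cleanup described above, as an added example (not inetd's actual code and not from the original post): filter the inherited environment through an allowlist and hand only the result to execve(). The allowlist contents and the names build_clean_env and exec_service are assumptions made for illustration.

```c
#include <string.h>
#include <unistd.h>

/* Assumed allowlist: the only variables a spawned service may inherit. */
static const char *const ALLOWED[] = { "PATH", "TZ", NULL };

/* Return 1 if entry ("NAME=value") names an allowlisted variable. */
static int is_allowed(const char *entry)
{
    const char *eq = strchr(entry, '=');
    if (eq == NULL || eq == entry)
        return 0;                        /* malformed entry: drop it */
    size_t len = (size_t)(eq - entry);
    for (size_t i = 0; ALLOWED[i] != NULL; i++)
        if (strlen(ALLOWED[i]) == len && strncmp(entry, ALLOWED[i], len) == 0)
            return 1;                    /* exact name match, not a prefix */
    return 0;
}

/* Copy allowlisted entries from inherited[] into out[] (NULL-terminated).
 * Returns the number kept, or -1 if out[] cannot hold them all. */
int build_clean_env(char *const inherited[], char *out[], size_t out_len)
{
    size_t n = 0;
    if (out_len == 0)
        return -1;
    for (size_t i = 0; inherited[i] != NULL; i++) {
        if (!is_allowed(inherited[i]))
            continue;                    /* anything set in the admin's shell is dropped */
        if (n + 1 >= out_len)
            return -1;                   /* fail closed rather than truncate */
        out[n++] = inherited[i];
    }
    out[n] = NULL;
    return (int)n;
}

/* Replace the current process with the service, passing only the clean
 * environment instead of whatever the daemon was started with. */
int exec_service(const char *path, char *const argv[], char *const inherited[])
{
    char *clean[16];
    if (build_clean_env(inherited, clean, sizeof clean / sizeof clean[0]) < 0)
        return -1;
    return execve(path, argv, clean);    /* returns only on failure */
}
```

With this in place, a variable exported in root's shell before the daemon was restarted never reaches the spawned service or the user's login shell.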
