lol seclists.org/oss-sec/2026/q1/8…
telnetd server invokes /usr/bin/login (normally running as root) passing the value of the USER environment variable received from the client as the last parameter.
If the client supply a carefully crafted USER environment value being the string "-f root", and passes the telnet(1) -a or --login parameter to send this USER environment to the server, the client will be automatically logged in as root bypassing normal authentication processes
In telnetd for a decade 💀
This entry was edited (3 days ago)
![Subject: Web3 community-driven funding initiative for curl
Hi Daniel,
I wanted to reach out because the impact you’ve had through curl and libcurl is genuinely foundational.
Also, lately in the crypto world, developers who had fundamental historical impact on the ecosystem are going viral; people are rediscovering the “builders behind the builders.”You are absolutely in that category, and that momentum creates a strong window to do a Web3, community-driven funding initiative that could meaningfully support you and the work around curl.
There’s a real opportunity to raise significant community funding around that impact. This has been done already with Isaac Z. Schlueter (the creator of npm), where a web3 community funding initiative raised $100k+. The point is: when the story is clear and the contribution is undeniable, the community can move in a big way.
I tried contacting you on X, but it looks like your DMs are closed. If you’re open to it, I can share more details to make this work without wasting your time.
You can reach me here:
[bla bla bla]
Thanks for everything you’ve done for the internet and for developers.
Best,
[name]](https://fedi.ml/photo/preview/640/750903 "Subject: Web3 community-driven funding initiative for curl
Hi Daniel,
I wanted to reach out because the impact you’ve had through curl and libcurl is genuinely foundational.
Also, lately in the crypto world, developers who had fundamental historical impact on the ecosystem are going viral; people are rediscovering the “builders behind the builders.”You are absolutely in that category, and that momentum creates a strong window to do a Web3, community-driven funding initiative that could meaningfully support you and the work around curl.
There’s a real opportunity to raise significant community funding around that impact. This has been done already with Isaac Z. Schlueter (the creator of npm), where a web3 community funding initiative raised $100k+. The point is: when the story is clear and the contribution is undeniable, the community can move in a big way.
I tried contacting you on X, but it looks like your DMs are closed. If you’re open to it, I can share more details to make this work without wasting your time.
You can reach me here:
[bla bla bla]
Thanks for everything you’ve done for the internet and for developers.
Best,
[name]")
![Hi Daniel,
My name is Sean, and I’m reaching out with a genuine idea that I believe aligns closely with the ethos of cURL and long-standing open source work.
We work with a small number of creators and maintainers on optional, community-driven projects designed to financially support important software without changing ownership, governance, or how the project itself is developed. The intent is not speculation or hype, but a way for communities to voluntarily support the people behind the tools they rely on.
The reason I’m writing is cURL. It is difficult to overstate how foundational it is to modern software, and yet the economic upside for its creator has historically been limited relative to its impact. We believe there is a respectful opportunity to change that, if and only if you were comfortable with it.
In practice, this would be a web3-based community project where supporters can voluntarily participate, with royalties transparently assigned to you. Importantly, nothing proceeds without explicit approval, and there is no expectation of promotion, endorsement, or ongoing involvement from you unless you choose otherwise.
We have seen this model work in a grounded, non-speculative way already. One recent example is an infrastructure-focused community project supporting Isaac Z. Schlueter, the creator of npm. That project has generated approximately $115k in creator royalties to date, driven primarily by developers who wanted a direct way to give back.
[cut]](https://fedi.ml/photo/preview/640/750905 "Hi Daniel,
My name is Sean, and I’m reaching out with a genuine idea that I believe aligns closely with the ethos of cURL and long-standing open source work.
We work with a small number of creators and maintainers on optional, community-driven projects designed to financially support important software without changing ownership, governance, or how the project itself is developed. The intent is not speculation or hype, but a way for communities to voluntarily support the people behind the tools they rely on.
The reason I’m writing is cURL. It is difficult to overstate how foundational it is to modern software, and yet the economic upside for its creator has historically been limited relative to its impact. We believe there is a respectful opportunity to change that, if and only if you were comfortable with it.
In practice, this would be a web3-based community project where supporters can voluntarily participate, with royalties transparently assigned to you. Importantly, nothing proceeds without explicit approval, and there is no expectation of promotion, endorsement, or ongoing involvement from you unless you choose otherwise.
We have seen this model work in a grounded, non-speculative way already. One recent example is an infrastructure-focused community project supporting Isaac Z. Schlueter, the creator of npm. That project has generated approximately $115k in creator royalties to date, driven primarily by developers who wanted a direct way to give back.
[cut]")
Hubert Figuière
in reply to Kevin Beaumont • • •that remind me of an AIX bug in 1995. `rlogin -f root` and voila.
Fuck I'm old too.